Difficulty: Intermediate
Estimated Time: 5 minutes

CloudSecOps

We'll learn how to use OPA Gatekeeper to prevent pods from using images tagged as "latest".

In this scenario, we have seen how to prohibit the usage of images having the "latest" tag and the reason behind the need of this policy in our organizations.

For more info on this scenario - Block "latest" Image Tag

For more OPA Gatekeeper use-cases - Mastering OPA Policies

Block "Latest" Image Tag

Step 1 of 4

Reason

Often in many environments, pulling images without specifing any tags will by default result in the image with tag "latest" being pulled instead of the recently updated image. Hence blocking of images with the "latest" tag will prevent accidental usage of images tagged "latest" that actually may not be the latest.