Yes, Dynamic Threat Analysis (DTA) is a best practice for all container images that will be used in a production setup, regardless if they were built internally or provided by a third party.
In today's complex software supply chain, even images built internally are often based on external base images and, in most cases, contain many packages from open-source repositories. In recent times, we have seen incidents of repository poisoning and weak governance of open-source projects, leading to organizations unaware of potentially malicious code embedded in their images. Running DTA remains a best practice for early detection of these situations before an image is used in production setup with access to production data.
Did you find it helpful?Send feedback