FINOS-CCC/CCC.CntrReg.TH Threat Catalog

FINOS-CCC/CCC.CntrReg.TH

Threats for Container Registry technologies, as defined by the FINOS Common Cloud Controls project.

Published by FINOS Common Cloud Controls

Install

OCI v1.1

$grcli unpack --repository finos-ccc/ccc.cntrreg.th --tag v2026.06-rc3

Coordinate: oci.grc.store/finos-ccc/ccc.cntrreg.th:v2026.06-rc3
Manifest digest: sha256:78cff9470a0d1c3e6b681ea21bff5ab0d4fdc5b99de1f988b2ebd26674a26628

Provenance

1 layer

Digest	Media type	Size
5cd73fb6c79b…	application/vnd.gemara.artifact.v1+yaml	3.0 KiB

Bundle config blob

{
  "bundle-version": "1.0",
  "gemara-version": "v1.2.0",
  "metadata": {
    "provenance": {
      "buildDefinition": {
        "buildType": "https://grc.store/grcli/buildtype/v0",
        "externalParameters": {
          "artifact": {
            "id": "CCC.CntrReg.TH",
            "type": "ThreatCatalog"
          },
          "target": {
            "registry": "oci.grc.store",
            "repository": "finos-ccc/ccc.cntrreg.th",
            "tag": "v2026.06-rc3"
          }
        },
        "internalParameters": {
          "CI": "true",
          "GITHUB_ACTIONS": "true",
          "GITHUB_ACTOR": "eddie-knight",
          "GITHUB_REF": "refs/heads/main",
          "GITHUB_REPOSITORY": "eddie-knight/common-cloud-controls",
          "GITHUB_RUN_ATTEMPT": "2",
          "GITHUB_RUN_ID": "26768391088",
          "GITHUB_SHA": "24594e28430c12318cacffe7fdda6a3ea272d975",
          "GITHUB_WORKFLOW": "Batch Release All Catalogs",
          "RUNNER_OS": "Linux"
        },
        "resolvedDependencies": [
          {
            "name": "artifacts/devtools/container-registry/threats.yaml",
            "uri": "file://artifacts/devtools/container-registry/threats.yaml",
            "digest": {
              "sha256": "5cd73fb6c79b2ff777090e63259eceed81d0487dfc2808c2ee986a6e64d6b24c"
            }
          },
          {
            "name": "source",
            "uri": "git+https://github.com/eddie-knight/common-cloud-controls@24594e28430c12318cacffe7fdda6a3ea272d975",
            "digest": {
              "gitCommit": "24594e28430c12318cacffe7fdda6a3ea272d975"
            }
          }
        ]
      },
      "runDetails": {
        "builder": {
          "id": "https://github.com/eddie-knight/common-cloud-controls/actions/runs/26768391088",
          "version": {
            "go": "go1.25.0",
            "go-arch": "amd64",
            "go-os": "linux",
            "grcli": "v0.2.2"
          }
        },
        "metadata": {
          "invocationId": "26768391088-2",
          "startedOn": "2026-06-01T16:44:38.752546492Z",
          "finishedOn": "2026-06-01T16:44:38.841014958Z"
        },
        "byproducts": [
          {
            "name": "threats.yaml",
            "digest": {
              "sha256": "5cd73fb6c79b2ff777090e63259eceed81d0487dfc2808c2ee986a6e64d6b24c"
            }
          }
        ]
      }
    }
  },
  "artifacts": [
    {
      "name": "threats.yaml",
      "type": "ThreatCatalog",
      "id": "CCC.CntrReg.TH",
      "role": "artifact"
    }
  ]
}

CCC Container Registry Threats

Threats for Container Registry technologies, as defined by the FINOS Common Cloud Controls project.

ID: CCC.CntrReg.TH
Version: v2026.06-rc3
Gemara version: v1.2.0
Author: FINOS Common Cloud Controls

Resource Management

The Resource Management group covers entries related to the lifecycle, configuration, and operational integrity of cloud resources. This includes resource exhaustion, tag manipulation, version rollback, scaling, and cost management.

CCC.CntrReg.TH01 Vulnerabilities in Artifacts are Exploited
Attackers exploit known vulnerabilities in container images or artifacts stored in the registry, leading to unauthorized access, data breaches, or system compromise.
Capabilities
- CCC.CntrReg.Capabilities
  - CCC.CntrReg.CP05
CCC.CntrReg.TH02 Accumulation of Unused Artifacts
The registry accumulates outdated or unused artifacts, increasing storage costs and the risk of deploying vulnerable or untested versions.
Capabilities
- CCC.CntrReg.Capabilities
  - CCC.CntrReg.CP04
- CCC.Core.Capabilities
  - CCC.Core.CP18

Install

Provenance

Resource Management

Capabilities

Capabilities