Base Image Version Up-to-date and Consistent (SL011)

Checks skaffold.yaml base images for version consistency between sandbox and production and suggests newer versions.

Description

Parses skaffold.yaml to extract sandbox and production base images. Reports ERROR if the versions differ or if the base images skaffold.yaml could not be found. Warns if unable to check latest versions or if a newer base image exists in Nexus.

Rationale

Using consistent and current base images reduces risk and drift across environments.

Findings

ERROR
- Sandbox base image version does not match production base image version
- Could not find base images in skaffold.yaml
WARNING
- Could not check for newer versions of base image
- Base image is not the latest available version

Noncompliant

Mismatched sandbox and production base image versions

# skaffold.yaml (mismatched versions)
apiVersion: skaffold/v3
kind: Config
build:
  artifacts:
    - image: nexus/mapsandbox/base/java21-jre:1.2.0
profiles:
  - name: production
    build:
      artifacts:
        - image: nexus/mapsandbox/base/java21-jre:1.3.0

Compliant

Matching base image versions and up-to-date

# skaffold.yaml (matching and up-to-date)
apiVersion: skaffold/v3
kind: Config
build:
  artifacts:
    - image: nexus/mapsandbox/base/java21-jre:1.3.1
profiles:
  - name: production
    build:
      artifacts:
        - image: nexus/mapsandbox/base/java21-jre:1.3.1

Configuration

This rule has no configuration.