
Scan images, generate SBOMs, sign images #21

Open
krancour opened this issue Mar 30, 2022 · 0 comments
Assignees: krancour
Labels: security (Affects the security of the project in some way)

Comments

@krancour (Contributor)

For Brigade itself and all its peripherals, we're now scanning images for vulnerabilities as part of CI, generating and publishing SBOMs as part of the release process, and also signing our images.

Now that that's been attended to, it's time to move the security conversation farther back in our stack and apply those learnings to the images we regard as tools or a means to an end.

This issue calls for scanning images during CI, generating and publishing SBOMs during release, and signing images.

The pattern for these things is well established by now and I think can reasonably be handled in a single PR.

@krancour krancour added the security Affects the security of the project in some way label Mar 30, 2022
@krancour krancour self-assigned this Mar 30, 2022
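As an added example (not code from the Brigade project or from the issue author), the three steps the issue asks for can be wired together in a small CI helper: scan the image, gate the build on a severity policy, and only then generate the SBOM and sign. It assumes the JSON layout that `trivy image --format json` produces (`Results[].Vulnerabilities[]`), the `syft` and `cosign` CLIs on PATH, and key-based cosign signing; the image name, digest, key path and CVE ids are constructed placeholders. The policy function also handles the edge case practitioners usually hit first: findings with no fixed version, which can be reported without blocking a rebuild that cannot remove them yet.

```python
"""CI gate over a container image scan report, then SBOM generation and signing.
Assumes Trivy's JSON report layout and the syft/cosign CLIs; all names below are
constructed placeholders (added example, not project code)."""
import json
import subprocess
from collections import Counter

SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample in the shape of `trivy image --format json <image>` output.
# The CVE ids are placeholders, not real advisories.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "example.invalid/tools/builder:1.0.0",
    "Results": [{
        "Target": "example.invalid/tools/builder:1.0.0 (alpine 3.15.0)",
        "Vulnerabilities": [
            {"VulnerabilityID": "CVE-0000-0001", "PkgName": "libcrypto1.1",
             "InstalledVersion": "1.1.1l-r7", "FixedVersion": "1.1.1n-r0", "Severity": "HIGH"},
            {"VulnerabilityID": "CVE-0000-0002", "PkgName": "busybox",
             "InstalledVersion": "1.34.1-r3", "FixedVersion": "", "Severity": "CRITICAL"},
            {"VulnerabilityID": "CVE-0000-0003", "PkgName": "zlib",
             "InstalledVersion": "1.2.11-r3", "FixedVersion": "1.2.12-r0", "Severity": "LOW"},
        ],
    }],
})


def findings(report_json):
    """Flatten a Trivy JSON report into one dict per vulnerability."""
    report = json.loads(report_json)
    out = []
    for result in report.get("Results", []):
        for v in result.get("Vulnerabilities") or []:   # key may be absent or null
            out.append({
                "id": v["VulnerabilityID"],
                "pkg": v["PkgName"],
                "severity": v.get("Severity", "UNKNOWN").upper(),
                "fixed": bool(v.get("FixedVersion")),
            })
    return out


def evaluate(report_json, fail_on="HIGH", ignore_unfixed=False):
    """Policy: block on any finding at or above `fail_on`.
    With ignore_unfixed=True, findings without a fixed version are counted but do
    not block, since rebuilding the image cannot remove them yet."""
    threshold = SEVERITY_RANK[fail_on.upper()]
    found = findings(report_json)
    counts = Counter(f["severity"] for f in found)
    blocking = [f for f in found
                if SEVERITY_RANK.get(f["severity"], 0) >= threshold
                and (f["fixed"] or not ignore_unfixed)]
    return {"passed": not blocking,
            "blocking": [f["id"] for f in blocking],
            "counts": dict(counts)}


def scan_image(image):
    """Run the scanner and return its JSON report (requires trivy on PATH)."""
    proc = subprocess.run(["trivy", "image", "--format", "json", image],
                          check=True, capture_output=True, text=True)
    return proc.stdout


def generate_sbom(image, out_path):
    """Write an SPDX JSON SBOM for the image (requires syft on PATH)."""
    with open(out_path, "w") as fh:
        subprocess.run(["syft", image, "-o", "spdx-json"], check=True, stdout=fh)


def sign_image(image_by_digest, key_ref):
    """Sign with cosign.  Signing the digest reference, not a tag, means a later
    push to the same tag does not inherit the signature."""
    if "@sha256:" not in image_by_digest:
        raise ValueError("sign by digest, not by tag: " + image_by_digest)
    subprocess.run(["cosign", "sign", "--key", key_ref, image_by_digest], check=True)


def release(image_by_digest, key_ref, sbom_path="sbom.spdx.json"):
    """CI entry point: scan, gate, and only then publish an SBOM and a signature."""
    verdict = evaluate(scan_image(image_by_digest), fail_on="HIGH", ignore_unfixed=True)
    if not verdict["passed"]:
        raise SystemExit("blocking vulnerabilities: " + ", ".join(verdict["blocking"]))
    generate_sbom(image_by_digest, sbom_path)
    sign_image(image_by_digest, key_ref)


if __name__ == "__main__":
    # Offline demonstration on the constructed report; `release()` is what CI calls.
    print(evaluate(SAMPLE_REPORT, fail_on="HIGH"))
    print(evaluate(SAMPLE_REPORT, fail_on="HIGH", ignore_unfixed=True))
```

The ordering matters: the SBOM and signature are produced only for an image that has passed the gate, so a consumer verifying the signature can rely on the scan having run, and the signature is bound to the digest so that re-tagging cannot carry it over to a different image.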