Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v1.3.5 needs to be signed, tagged and published. #405

Open
konstruktoid opened this issue Nov 6, 2019 · 22 comments
Open

v1.3.5 needs to be signed, tagged and published. #405

konstruktoid opened this issue Nov 6, 2019 · 22 comments

Comments

@konstruktoid
Copy link
Collaborator

v1.3.5 was just released; https://github.com/docker/docker-bench-security/releases/tag/v1.3.5.
The image needs to be signed by Docker, have a :latest and a version tag added to the image and published.

@konstruktoid
Copy link
Collaborator Author

Relates to #329

@konstruktoid
Copy link
Collaborator Author

@diogomonica @docker/security?

@konstruktoid
Copy link
Collaborator Author

@justincormack
Copy link
Member

Hmm, Diogo no longer works at Docker. I don't actually know who has access to the signing key (there may be a copy in the safe). @konstruktoid who has done this in the past?

@konstruktoid
Copy link
Collaborator Author

Hi @justincormack, that's good to know since he was the creator (4873078) and original maintainer.

He also signed and pushed the images in the past, #138.

@konstruktoid
Copy link
Collaborator Author

Any progress @justincormack @docker/security?

@illyaMs
Copy link
Contributor

illyaMs commented Apr 11, 2020

A pity that this issue did not get proper attention during the 5 month since creation.
All recent additions/improvements are not delivered to image consumers, so everyone is using a 1.3.4 version.

We've managed to workaround it by pushing our own image built on latest state of master branch. But that obviously is not a way we'd like to handle (sitting on upstream docker/docker-bench-security would be way better for obvious reasons).

@konstruktoid
Copy link
Collaborator Author

I totally agree @illyaMs.

Any progress @justincormack @docker/security?

@konstruktoid
Copy link
Collaborator Author

Monthly reminder, @justincormack.

@yaminisridaran
Copy link

@konstruktoid I would like to contribute for this issue to be solved. Can you please guide me

@konstruktoid
Copy link
Collaborator Author

Thanks @yaminisridaran , but this is done by the Docker organization. Previously by Diogo Mónica and now ... someone else. See #405 (comment).

@konstruktoid
Copy link
Collaborator Author

Ping @justincormack

@konstruktoid
Copy link
Collaborator Author

Ping @justincormack

@konstruktoid
Copy link
Collaborator Author

Monthly Yearly reminder.

@justincormack

@michi88
Copy link

michi88 commented Jan 6, 2022

This has caused a lot of time for me to debug (that the latest docker version is not up to date with the sources here). Maybe we should add this to the README until it is resolved?

@konstruktoid
Copy link
Collaborator Author

So sorry about that @michi88, I actually thought there was.
I merged #494

@martongajarszky
Copy link

Hello @konstruktoid,
Will there be a new release of docker-bench?
Running the script from the master branch, states it is version 1.3.6 but it has not been released.
Thank You!
(Btw it is a nice piece of work!)

@konstruktoid
Copy link
Collaborator Author

CIS Docker Benchmark v1.4.0 was published yesterday and I'll will update the scripts to match that one, and then tag and release 1.3.6.

I have no idea if there will be an official Docker image. I guess this comment counts as the yearly reminder.

@brianonn
Copy link

reminder for 2023 :)
docker/docker-bench-security:latest is now just days away from being 4 years old
last updated: Jan 24, 2019 at 7:48 am

@konstruktoid
Copy link
Collaborator Author

I think we just passed 900 workdays 🍰

@bignay2000
Copy link

Docker not being able to Docker :)

@xsolinsx
Copy link

yearly reminder I guess?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

9 participants