Replies: 2 comments
-
My thought is that if we bake image signing into the pipeline, it should be transparent to the image maintainers, but adds another layer of security for us |
Beta Was this translation helpful? Give feedback.
0 replies
-
Yeah - re-looking at how we publish images for Airflow sounds like a really good task to pick up. The action we've made currently... works, but that's all I'm going to say in it's defense hahaha |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I've created this discussion to ask - Should we only permit signed container images in Airflow?
They can only currently be pulled from specified repositories i.e. ECR. so this maybe slightly redundant.
馃檱
Beta Was this translation helpful? Give feedback.
All reactions