Sign Docker images #49

docktermj · 2021-12-08T14:17:31Z

Currently, the docker images that are uploaded to dockerhub are not signed, which means for a user who is pulling the image, there is no way to verify whether the image was actually built and pushed from github. This is part of a larger effort to improve senzing's supply chain security, and more specifically to prevent an attacker who has stolen access to the senzing's dockerhub account and starts pushing malicious images up to the cloud.

GitHub now offers a new service to sign containers. This request is to sign the Senzing-created containers.

References:

jamietypovsky · 2023-07-27T15:33:36Z

This on hold until we finalize our set of supported docker images.

docktermj added this to Requested in community-roadmap via automation Dec 8, 2021

github-actions bot added the triage Need to triage label Dec 8, 2021

jamietypovsky removed the triage Need to triage label Dec 14, 2021

docktermj moved this from Requested to In progress in community-roadmap Jun 13, 2022

docktermj assigned mahchiahui Jun 13, 2022

jamietypovsky unassigned mahchiahui Jan 9, 2023

jamietypovsky moved this from In progress to Accepted in community-roadmap Jan 19, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sign Docker images #49

Sign Docker images #49

docktermj commented Dec 8, 2021 •

edited

Loading

jamietypovsky commented Jul 27, 2023

Sign Docker images #49

Sign Docker images #49

Comments

docktermj commented Dec 8, 2021 • edited Loading

References:

jamietypovsky commented Jul 27, 2023

docktermj commented Dec 8, 2021 •

edited

Loading