BioContainers / specs

BioContainers specifications
http://biocontainers.pro
Apache License 2.0

Security Considerations for BioContainers Project #102

Closed lwratten closed 4 years ago

lwratten commented 4 years ago

Hello,

I'm not sure if this is the right place for this, but I couldn't find a community Gitter, etc. (feel free to point me in the right direction). I am currently putting together a paper and am exploring security and privacy considerations for bioinformatics pipelines. I was looking through the BioContainer publication and docs to see what mitigations/review processes are in place to prevent poisoned (infected with malware) images being uploaded to the project.

I wasn't able to find much that explicitly addressed this and was hoping the community might be able to shed some light on it! Is there any scanning of images pre-deployment to ensure they meet compliance and security checks? How does the review process for prospective contributions work? Is there support for cryptographic signatures/Docker Content Trust?

Guidance on this would be greatly appreciated!

Kind regards, Laura

lwratten commented 4 years ago

Update: found the Gitter.