joschi
commented
6 years ago @natlibfi-arlehiko Do you know how that would work with automated builds on Docker Hub? I don't see how we could sign the images during the build process on Docker Hub.
Open natlibfi-arlehiko opened 6 years ago
joschi
commented
6 years ago @natlibfi-arlehiko Do you know how that would work with automated builds on Docker Hub? I don't see how we could sign the images during the build process on Docker Hub.
natlibfi-arlehiko
commented
6 years ago If the images are built by Docker Hub then they would be signed with their keys. Enabling content trust for automated builds seems not to be implemented.
I've contacted Docker about this. I'll updated this issue when they get back to me.
quay.io might support automated signing of images.
ntimo
commented
5 years ago Maybe it would also be a good idea to have the Graylog container image as a official docker image? https://docs.docker.com/docker-hub/official_images/
Please sign your Docker images using content trust.
Signed images allow user to verify that the images are not tampered with.