OpenSCAP / openscap-daemon

Manages continuous scans of your infrastructure
https://www.open-scap.org/tools/openscap-daemon
GNU Lesser General Public License v2.1
106 stars 32 forks

When pushing SPC openscap-daemon Docker images to Docker hub, please sign them #82

Open iankko opened 8 years ago

iankko commented 8 years ago

Docker, starting from 1.8, introduced the concept of Docker Content Trust (The Update Framework):

which allows images to be signed when publishing to Docker Hub. The consumers can later verify the producer of these images (also preventing image forgery, image replay attacks, etc.).

We should start using this functionality when creating openscap/openscap-daemon-* SPC containers:

This is more of an RFE than a real bug.

jan-cerny commented 7 years ago

I suggest closing this ticket as we don't publish SPCs on Docker Hub anymore; instead, there is a container in the Red Hat Registry.