grafeas / kritis

Deploy-time Policy Enforcer for Kubernetes applications
https://github.com/grafeas/kritis/blob/master/docs/binary-authorization.md
Apache License 2.0

Automated check and sign on completion of an analysis of an image in GCR #586

Closed mvanholsteijn closed 3 years ago

mvanholsteijn commented 3 years ago

Is your feature request related to a problem? Please describe.
I want to be able to automatically add an attestation for any GCR image after its vulnerability scan is completed.

Describe the solution you'd like

Describe alternatives you've considered
I considered writing a little Cloud Run service to handle the Pub/Sub event and, in turn, invoking the signer. This would result in a bigger container runtime.

Additional context
Add any other context or screenshots about the feature request here.

mvanholsteijn commented 3 years ago

I submitted a pull request to solve this issue -> https://github.com/grafeas/kritis/pull/587

ooq commented 3 years ago

Thanks @mvanholsteijn for the PR! The auto-signing mode was indeed another architecture considered. I'll take a look.

mvanholsteijn commented 3 years ago

I can actually provide you with a terraform template to see this one in action. Are you interested?

mvanholsteijn commented 3 years ago

I made the service entirely configurable through environment variables, which allows for the container image to be used without modification.
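The event-driven flow described in the opening post (a service receives the Container Analysis Pub/Sub notification and invokes the kritis signer) and the point made just above (configure everything through environment variables so the container image is reused unmodified) can be shown together in one small Go program. The code below is an added example written for this thread; it is not the PR's code, not a kritis component, and not part of the original page. It assumes the notification JSON carries `name` and `kind` fields, that a DISCOVERY occurrence exposes the resource URI and an `analysisStatus` of `FINISHED_SUCCESS` when the scan is done, and that the signer accepts an `-image=` flag (check these against the Container Analysis and kritis signer documentation for your version). The `MapLookup`, the sample envelope and the `my-project` names are constructed for the example; a production deployment would implement `Lookup` with the Container Analysis API.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// Config comes entirely from environment variables, so the same container image runs unmodified.
type Config struct {
	ImagePrefix string   // IMAGE_PREFIX: sign only images under this registry path
	SignerPath  string   // SIGNER_PATH: kritis signer binary inside the container
	SignerArgs  []string // SIGNER_ARGS: fixed signer flags (policy, note, key), split on whitespace
}

// LoadConfig takes getenv as a parameter (os.Getenv in production) so it can be tested in isolation.
func LoadConfig(getenv func(string) string) (Config, error) {
	cfg := Config{ImagePrefix: getenv("IMAGE_PREFIX"), SignerPath: getenv("SIGNER_PATH"),
		SignerArgs: strings.Fields(getenv("SIGNER_ARGS"))}
	if cfg.ImagePrefix == "" || cfg.SignerPath == "" {
		return Config{}, fmt.Errorf("IMAGE_PREFIX and SIGNER_PATH must be set")
	}
	return cfg, nil
}

// Notification is the Container Analysis occurrence notification; its shape (name, kind) is assumed here.
type Notification struct {
	Name string `json:"name"`
	Kind string `json:"kind"`
}

// Occurrence holds the two DISCOVERY fields the decision needs; production code fills them from the
// Container Analysis API (occurrences.get), which is outside this example.
type Occurrence struct {
	ResourceURI    string // e.g. https://eu.gcr.io/my-project/app@sha256:<digest>
	AnalysisStatus string // PENDING, SCANNING, FINISHED_SUCCESS, FINISHED_FAILED, FINISHED_UNSUPPORTED
}

// Lookup resolves an occurrence name; MapLookup is the in-memory implementation for local runs and tests.
type Lookup interface{ Get(name string) (Occurrence, error) }
type MapLookup map[string]Occurrence

func (m MapLookup) Get(name string) (Occurrence, error) {
	if occ, ok := m[name]; ok {
		return occ, nil
	}
	return Occurrence{}, fmt.Errorf("occurrence %q not found", name)
}

// SampleEnvelope builds a constructed Pub/Sub push body: message.data carries the base64-encoded notification.
func SampleEnvelope(name, kind string) []byte {
	payload, _ := json.Marshal(Notification{Name: name, Kind: kind})
	body, _ := json.Marshal(map[string]map[string]string{"message": {"data": base64.StdEncoding.EncodeToString(payload)}})
	return body
}

// DecodeNotification unwraps the push envelope and parses the notification inside it.
func DecodeNotification(body []byte) (n Notification, err error) {
	var env struct {
		Message struct{ Data string `json:"data"` } `json:"message"`
	}
	if err = json.Unmarshal(body, &env); err != nil {
		return n, fmt.Errorf("bad envelope: %w", err)
	}
	raw, err := base64.StdEncoding.DecodeString(env.Message.Data)
	if err != nil {
		return n, fmt.Errorf("bad message data: %w", err)
	}
	err = json.Unmarshal(raw, &n)
	return n, err
}

// ImageToSign returns the image to sign, or "" with a reason when the event is ignored: wrong note kind,
// scan not finished successfully, image outside the allowed prefix, or a tag instead of a digest
// (tags move; an attestation must bind the exact content that was scanned).
func ImageToSign(cfg Config, n Notification, lk Lookup) (image, reason string, err error) {
	if n.Kind != "DISCOVERY" {
		return "", "not a discovery occurrence", nil
	}
	occ, err := lk.Get(n.Name)
	if err != nil {
		return "", "", err // transient: the caller should let Pub/Sub redeliver
	}
	if occ.AnalysisStatus != "FINISHED_SUCCESS" {
		return "", "scan status " + occ.AnalysisStatus, nil
	}
	image = strings.TrimPrefix(occ.ResourceURI, "https://")
	if !strings.HasPrefix(image, cfg.ImagePrefix) || !strings.Contains(image, "@sha256:") {
		return "", "not a digest reference under " + cfg.ImagePrefix, nil
	}
	return image, "", nil
}

// SignerCommand builds the signer argv; the -image flag name is assumed from the kritis signer's documentation.
func SignerCommand(cfg Config, image string) []string {
	return append(append([]string{cfg.SignerPath}, cfg.SignerArgs...), "-image="+image)
}
```

The HTTP wrapper around this is thin and deliberately left out: the Cloud Run handler decodes the push body, calls `ImageToSign`, runs `SignerCommand` with `os/exec`, and answers 200 for malformed or ignored events (retrying cannot fix those) but 5xx only when the lookup or the signer fails, so that Pub/Sub redelivers exactly the events worth retrying. Note that the signer is still the component that evaluates the vulnerability policy; this service only decides when to call it, and it refuses tag references so the attestation is bound to the digest that was actually scanned.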

mvanholsteijn commented 3 years ago

Check out my blog on the subject: https://binx.io/blog/2020/11/29/how-to-automate-the-kritis-signer-on-google-cloud-platform/

ooq commented 3 years ago

@mvanholsteijn Hi Mark, this is very exciting stuff! Sorry for the delay due to holidays. If you want to update the PR with terraform scripts, I'll review them together.

mvanholsteijn commented 3 years ago

@ooq, I think I will leave out the terraform template for now. It is quite elaborate: I will see if I can turn it into a tf module instead.