Closed: mvanholsteijn closed this issue 3 years ago
I submitted a pull request to solve this issue -> https://github.com/grafeas/kritis/pull/587
Thanks @mvanholsteijn for the PR! The auto-signing mode was indeed another architecture considered. I'll take a look.
I can actually provide you with a terraform template to see this one in action. Are you interested?
I made the service entirely configurable through environment variables, which allows for the container image to be used without modification.
Check out my blog on the subject: https://binx.io/blog/2020/11/29/how-to-automate-the-kritis-signer-on-google-cloud-platform/
@mvanholsteijn Hi Mark, this is very exciting stuff! Sorry for the delay due to holidays. If you want to update the PR with terraform scripts, I'll review them together.
@ooq, I think I will leave out the terraform template for now. It is quite elaborate: I will see if I can turn it into a tf module instead.
Is your feature request related to a problem? Please describe.
I want to be able to automatically add an attestation for any GCR image after its vulnerability scan is completed.
Describe the solution you'd like
container-analysis-occurrences-v1
Describe alternatives you've considered
I considered writing a little Cloud Run service to handle the Pub/Sub event and in turn invoke the signer. This would result in a bigger container runtime.
Additional context
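As an added illustration of the alternative sketched in the issue (a small service that receives the Pub/Sub event from `container-analysis-occurrences-v1` and hands the image to the signer), here is example code that is not part of kritis or the reporter's PR. It decodes a Pub/Sub push envelope, accepts only notifications for a finished vulnerability scan, and refuses to attest anything that is not pinned to a digest. The notification field names (`kind`, `analysisStatus`, `resourceUri`) and the signer flag names are assumptions made for this example; verify them against the Container Analysis notification schema and the signer version you deploy.

```python
import base64
import json
from typing import Optional

# Topic name from the issue. The notification field names used below
# (kind, analysisStatus, resourceUri) are assumptions for this example.
TOPIC = "container-analysis-occurrences-v1"


def decode_push_envelope(envelope: dict) -> dict:
    """Return the JSON object carried in a Pub/Sub push request body."""
    data = envelope.get("message", {}).get("data", "")
    return json.loads(base64.b64decode(data) or b"{}")


def image_ready_for_attestation(note: dict) -> Optional[str]:
    """Return the digest-qualified image name if this notification marks a
    finished vulnerability scan, else None. Tags are rejected on purpose: an
    attestation must bind to an immutable digest, never to a mutable tag."""
    if note.get("kind") != "DISCOVERY":
        return None
    if note.get("analysisStatus") != "FINISHED_SUCCESS":
        return None
    uri = note.get("resourceUri", "")
    if uri.startswith("https://"):
        uri = uri[len("https://"):]
    if "@sha256:" not in uri:
        return None
    return uri


def build_signer_command(envelope: dict, policy: str, note_name: str) -> Optional[list]:
    """Translate one Pub/Sub push delivery into a kritis signer invocation.
    Flag names are assumptions; check them against the signer you deploy."""
    image = image_ready_for_attestation(decode_push_envelope(envelope))
    if image is None:
        return None
    return ["signer", "-mode=check-and-sign", f"-image={image}",
            f"-policy={policy}", f"-note_name={note_name}"]


def _constructed_envelope(payload: dict) -> dict:
    """Constructed sample push delivery (not a real notification) for the demo."""
    data = base64.b64encode(json.dumps(payload).encode()).decode()
    return {"message": {"data": data, "messageId": "1"},
            "subscription": "projects/example-project/subscriptions/example-sub"}


if __name__ == "__main__":
    finished = _constructed_envelope({"kind": "DISCOVERY", "analysisStatus": "FINISHED_SUCCESS",
                                      "resourceUri": "https://gcr.io/example-project/app@sha256:" + "ab" * 32})
    print(build_signer_command(finished, "policy.yaml", "projects/example-project/notes/qa"))
```

A real handler would additionally fetch the occurrence by name before trusting its contents, and run the signer out of process with a timeout rather than shelling out unconditionally.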