The way I was thinking this would work would be as a stage in Jenkins prior to image signing. This should also have a quality gate that determines image health prior to signing.
Alternatively, this could be something triggered by the operator as part of the fulfillment of the imageSigningRequest CRD...
Regardless there needs to be a way for the image signing service to verify that a scan has been performed (this can be raised as a separate issue if this gets too large)
The way I was thinking this would work would be as a stage in Jenkins prior to image signing. This should also have a quality gate that determines image health prior to signing.
Alternatively, this could be something triggered by the operator as part of the fulfillment of the imageSigningRequest CRD...
Regardless there needs to be a way for the image signing service to verify that a scan has been performed (this can be raised as a separate issue if this gets too large)