Open sluetze opened 11 months ago
signatures SHOULD secure each image against modification.
We could create a rule which checks if the OpenShift cluster is configured to reject unsigned images: https://docs.openshift.com/container-platform/4.14/security/container_security/security-container-signature.html
rules:
- reject_unsigned_images_by_default
Create a new branch, now based on master https://github.com/sig-bsi-grundschutz/content/tree/sys-1-6-A12-A13
This requirement needs to be addressed on an organizational level.
An idea for a rule:
This requirement needs to be addressed on an organizational level.
This requirement cannot be checked using the compliance operator. However, the existence of certain image labels should be checked with a container security solution.
Signed images: Can we check something here?
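
An added example (not code from this repository or the compliance operator) of what a check behind `reject_unsigned_images_by_default` could inspect: it audits a signature policy in the containers `policy.json` format used on the nodes. The function name `audit_policy`, the sample policy and its registry names are constructed for illustration, and treating only an explicit `reject` default as compliant is an assumption.

```python
import json

# Constructed sample in containers policy.json format (not from a real cluster).
SAMPLE_POLICY = """
{
  "default": [{"type": "reject"}],
  "transports": {
    "docker": {
      "registry.example.com": [
        {"type": "signedBy", "keyType": "GPGKeys", "keyPath": "/etc/pki/example.gpg"}
      ],
      "quay.example.com/team": [{"type": "insecureAcceptAnything"}]
    },
    "docker-daemon": {"": [{"type": "insecureAcceptAnything"}]}
  }
}
"""

# Requirement types that verify a signature before an image is accepted.
VERIFYING = {"signedBy", "sigstoreSigned"}


def audit_policy(text):
    """Return findings; an empty list means no scope admits unsigned images."""
    policy = json.loads(text)
    findings = []

    # Assumption: only an explicit "reject" counts as a compliant default.
    default_types = {r.get("type") for r in policy.get("default") or []}
    if "reject" not in default_types:
        findings.append("default: does not reject unmatched images")

    # Scoped entries override the default, so each one is inspected as well.
    for transport, scopes in policy.get("transports", {}).items():
        for scope, reqs in scopes.items():
            types = {r.get("type") for r in reqs}
            # All requirements of a scope must pass, so a single "reject"
            # or a verifying requirement is enough to block unsigned images.
            if "reject" in types or types & VERIFYING:
                continue
            findings.append(f"{transport}:{scope or '*'}: accepts unsigned images")
    return findings


if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print(finding)
```
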