Closed jshield closed 1 year ago
The Docker image (container) has been named after the character Ryuk from Death Note. After reading the Wikipedia article, I can understand that this could potentially cause confusion for people who are not familiar with the moby-ryuk project.
Other language implementations of Testcontainers also rely on moby-ryuk. Therefore, it's not something we can simply rename. I suggest creating an issue in the upstream repository.
less explaining to IT security why a testing tool has a component that is notionally associated with criminals.
We have mentioned Ryuk in our documentation. Do you or your IT security department have any suggestions on what information might be missing? Despite all the sources being publicly available, I'm uncertain about what else we should include.
Hey thanks for the quick reply, just it got flagged on the name alone in a PR review, as we are in the process of implementing a solution for container risk mitigation as part of a broader set of supply chain integrity enhancements, I have to submit containers to be included as part of the cached images available on our build agent images until we formalize our internal container registry and SCA tooling.
Probably as suggested put an explainer in the doco regarding the etymology of the name would help speed that process up, several members of the sec team were aware that it was likely named after the anime character, but for the sake of records keeping and supply chain integrity we still needed to document it explicitly, which may lead to questions if we get hit by an audit, etc.
as you suggest I'll look at raising the issue on the upstream repository, it is a shame as it is a rather appropriate name, but sadly it is somewhat radioactive in an enterprise landscape.
Problem
https://en.wikipedia.org/wiki/Ryuk_(ransomware)
Solution
rename the container and tool
Benefit
less explaining to IT security why a testing tool has a component that is notionally associated with criminals.
Alternatives
adding a clear disclaimer on the main page.
Would you like to help contributing this enhancement?
Yes