Open fridex opened 2 years ago
/sig stack-guidance
Testing if project assignment works: /project SIG-Stack-Guidance
/project SIG-Stack-Guidance New
/priority backlog
/assign
Reviewed in sig-sg meeting 2022-06-27:
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
/lifecycle stale
/remove-lifecycle stale
/lifecycle frozen
Is your feature request related to a problem? Please describe.
As a user of Thoth, I would like to submit my container image to Thoth services and Thoth should give me results of analyses that will tell me if content in the containerized environment is known and if there are any issues associated with the container image and its security.
Describe the solution you'd like
Extend container image analyses so that they not only explore what is present in the containerized environment, but can judge if the container image is fine with respect to its content, libraries installed, provenance, and so on.
Describe alternatives you've considered
Let users validate their container images, but that is too prone to errors.
Related: https://github.com/thoth-station/micropipenv/issues/206
Related: https://discuss.python.org/t/pip-installation-reports/12316