[CMP-1174] SRG-APP-000131-CTR-000285: OCP must verify container images

Type: Sub-task
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
None

Blocked:
False
Ready:
False
Feature Link:
OCPSTRAT-438 - Support Creation for DISA-STIG Profile
Market:

Sprint:
CMP Sprint 41

SFDC Cases Links:
SFDC Cases Open:
SFDC Cases Counter:

Vincent Shen added a comment - 2022/01/25 9:30 PM - edited

Thanks for taking a look on this, we have a rule to check if the policy is in place: https://github.com/ComplianceAsCode/content/blob/master/applications/openshift/integrity/reject_unsigned_images_by_default/rule.yml, I copied the check to the spreadsheet

Vincent Shen added a comment - 2022/01/25 9:30 PM - edited Thanks for taking a look on this, we have a rule to check if the policy is in place: https://github.com/ComplianceAsCode/content/blob/master/applications/openshift/integrity/reject_unsigned_images_by_default/rule.yml, I copied the check to the spreadsheet

Dusty Mabe added a comment - 2022/01/25 9:02 PM - edited

Following the breadcrumbs from #1349 it appears that all images are signed now. Most everything in this space is linking to https://access.redhat.com/verify-images-ocp4 for how to do it.

Dusty Mabe added a comment - 2022/01/25 9:02 PM - edited Following the breadcrumbs from #1349 it appears that all images are signed now . Most everything in this space is linking to https://access.redhat.com/verify-images-ocp4 for how to do it.

Colin Walters added a comment - 2022/01/25 8:34 PM

https://github.com/openshift/machine-config-operator/issues/1349

Colin Walters added a comment - 2022/01/25 8:34 PM https://github.com/openshift/machine-config-operator/issues/1349

Colin Walters added a comment - 2022/01/25 8:32 PM

Related: https://github.com/openshift/machine-config-operator/pull/803

Colin Walters added a comment - 2022/01/25 8:32 PM Related: https://github.com/openshift/machine-config-operator/pull/803

Dusty Mabe added a comment - 2022/01/25 8:25 PM

Link to the cell in the spreadsheet: https://docs.google.com/spreadsheets/d/1oTUEUSkpumEpGqeBvhEHkJxcGUxMgoG1/edit#gid=959715005&range=C45

Dusty Mabe added a comment - 2022/01/25 8:25 PM Link to the cell in the spreadsheet: https://docs.google.com/spreadsheets/d/1oTUEUSkpumEpGqeBvhEHkJxcGUxMgoG1/edit#gid=959715005&range=C45

Assignee:: Vincent Shen

Reporter:: David Anderson

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2022/01/19 8:22 PM

Updated:: 2022/03/15 5:13 PM

Resolved:: 2022/01/26 10:35 PM

Details

Attachments

Easy Agile Planning Poker

Activity

Collapse comment: Vincent Shen added a comment - 2022/01/25 9:30 PM, Edited by Vincent Shen - 2022/01/25 9:31 PM

Expand comment: Vincent Shen added a comment - 2022/01/25 9:30 PM, Edited by Vincent Shen - 2022/01/25 9:31 PM

Collapse comment: Dusty Mabe added a comment - 2022/01/25 9:02 PM, Edited by Dusty Mabe - 2022/01/25 9:03 PM

Expand comment: Dusty Mabe added a comment - 2022/01/25 9:02 PM, Edited by Dusty Mabe - 2022/01/25 9:03 PM

Collapse comment: Colin Walters added a comment - 2022/01/25 8:34 PM

Expand comment: Colin Walters added a comment - 2022/01/25 8:34 PM

Collapse comment: Colin Walters added a comment - 2022/01/25 8:32 PM

Expand comment: Colin Walters added a comment - 2022/01/25 8:32 PM

Collapse comment: Dusty Mabe added a comment - 2022/01/25 8:25 PM

Expand comment: Dusty Mabe added a comment - 2022/01/25 8:25 PM

People

Dates