Support Case: 03838138
Brought up on behalf of ISV partner QUID INFORMATICA SPA

As a seeker of certification for a Helm chart to be "catalog only", the present Helm chart report submission process requires creating a GitHub PR with the Helm Chart Certification Report for the chart in question.  

The report contains the full specification URLs of every container image that the Helm chart installs. This partner considers that to be sensitive information, as it could allow a potential customer, competitor, hacker, etc. to access the images (or at least attempt to access them).  

Suggestion: Instead of displaying this in the report:

    - check: v1.1/images-are-certified
      type: Mandatory
      outcome: PASS
      reason: |-
        Image is Red Hat certified : gigamon/gigamon-gigavue-uctc-tap:6.5.00-424867
        Image is Red Hat certified : gigamon/gigamon-gigavue-uctc-cntlr:6.5.00-424867
 

display this (or something similar) instead:

    - check: v1.1/images-are-certified
      type: Mandatory
      outcome: PASS
      reason: All images are Red Hat Certified.
 

In the event of test failure, the report could show the 'simple' repository:tag value instead of the full URL.

Owner: Architect:

_<Architect is responsible for completing this section to define the
details of the story>_

Story (Required)

As an OpenShift user

_<Describes high level purpose and goal for this story. Answers the
questions: Who is impacted, what is it and why do we need it? How does it
improve the customer’s experience?>_

Background (Required)

<Describes the context or background related to this story>

Glossary

<List of new terms and definition used in this story>

Out of scope

<Defines what is not included in this story>

In Scope

<Defines what is included in this story>

Approach(Required)

_<Description of the general technical path on how to achieve the goal of
the story. Include details like json schema, class definitions>_

Demo requirements(Required)

_<Description of demo which would show the value of this story. Any demo
should also be included as part of the acceptance criteria.>_

Dependencies

_<Describes what this story depends on. Dependent Stories and EPICs should
be linked to the story.>_

Edge Case

_<Describe edge cases to consider when implementing the story and defining
tests>_

Acceptance Criteria

_<Provides a required and minimum list of acceptance tests for this story.
More is expected as the engineer implements this story>_

Development:

QE:
Documentation: Yes/No (needs-docs|upstream-docs / no-doc)

Upstream: <Inputs/Requirement details: Concept/Procedure>/ Not
Applicable

Downstream: <Inputs/Requirement details: Concept/Procedure>/ Not
Applicable

Release Notes Type: <New Feature/Enhancement/Known Issue/Bug
fix/Breaking change/Deprecated Functionality/Technology Preview>

INVEST Checklist

Dependencies identified

Blockers noted and expected delivery timelines set

Design is implementable

Acceptance criteria agreed upon

Story estimated

v

Legend

Unknown

Verified

Unsatisfied