Uploaded image for project: 'OpenShift Image Registry'
  1. OpenShift Image Registry
  2. IR-163

Integration with Clair

XMLWordPrintable

    • Icon: Epic Epic
    • Resolution: Won't Do
    • Icon: Major Major
    • None
    • None
    • None
    • None
    • Integration with Clair
    • False
    • False
    • To Do
    • 100
    • 100% 100%
    • Undefined

      Epic Goal

      • Use Clair to scan image registry images for vulnerabilities.
      • Allow Container Security Operator to get scan results from the image registry.

      Why is this important?

      • When customers use potentially insecure images, they should be aware of it.

      Scenarios

      1. When a vulnerable image is deployed on the cluster using the integrated image registry, the registry should notify the customer about vulnerabilities.

      Acceptance Criteria

      • Sound understanding of Clair architecture and integration
      • Enhancement Design describing the Clair / IR integration and end2end flow

      Dependencies (internal and external)

      1. ...

      Previous Work (Optional):

      Open questions::

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

            Unassigned Unassigned
            obulatov@redhat.com Oleg Bulatov
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: