-
Epic
-
Resolution:
Won't Do
-
Major
-
None
-
None
-
None
-
-
Integration with Clair
-
-
-
-
-
-
Undefined
Epic Goal
- Use Clair to scan image registry images for vulnerabilities.
- Allow Container Security Operator to get scan results from the image registry.
Why is this important?
- When customers use potentially insecure images, they should be aware of it.
Scenarios
- When a vulnerable image is deployed on the cluster using the integrated image registry, the registry should notify the customer about vulnerabilities.
Acceptance Criteria
- Sound understanding of Clair architecture and integration
- Enhancement Design describing the Clair / IR integration and end2end flow
Dependencies (internal and external)
- ...
Previous Work (Optional):
- …
Open questions::
- …
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
- DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
- DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>