Story
Resolution: Done
There is a FIPS checker that verifies that our images are built correctly for FIPS compliance: https://github.com/openshift/check-payload
We should run this scanner as part of the release testing cycle. The next step is to automate it in a Jenkins pipeline.
Here is a simple script that passes a list of Kiali images to the scanner:
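#!/usr/bin/env bash
# Scan every image reference listed in kiali-6-1-3.txt (one reference per line).
while IFS= read -r file; do
  # Quote the reference so it is passed to the scanner as a single argument.
  ./check-payload --verbose scan operator --spec "$file"
done < kiali-6-1-3.txt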
cat kiali-6-1-3.txt
brew.registry.redhat.io/openshift-service-mesh/kiali-rhel8-operator@sha256:b4ce0c3dae714c5a20ac6c004da8184a7a03bec4e9bf64b5d70c0d7c5afd05cd
brew.registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:fc4a20724eb0ad8cc9ac83b1a4dc779be8e3aa30ec8010ba9d1d572ca5664ce0
brew.registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:354b9f02267827ff6b8964e4b13a2929fa22fe619850df375e58be05e2584397
brew.registry.redhat.io/openshift-service-mesh/kiali-rhel8@sha256:9e257212ecb7e9681e4438fa28be702ac027ba4ed9e458ab4c360df8b3daf00a
We need to test all images that we ship. We can get the list, e.g., from the errata.
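For the Jenkins step, a wrapper needs to fail the stage when any image fails, whereas the exit status of the loop above reflects only the last image scanned. The following is an added example, not part of the original ticket or of the check-payload project; the `SCANNER` variable, the function names and the script name are hypothetical, and it assumes the scanner exits non-zero on a failed scan. It goes beyond the original script by also rejecting references that are not pinned by digest.

```shell
#!/usr/bin/env bash
# Added example: CI wrapper around the scanner. SCANNER, is_pinned_ref,
# scan_list and scan-images.sh are hypothetical names.
SCANNER="${SCANNER:-./check-payload}"

# Return 0 only for a digest-pinned reference (repo@sha256:<64 hex chars>).
is_pinned_ref() {
  printf '%s\n' "$1" | grep -Eq '^[^[:space:]@]+@sha256:[0-9a-f]{64}$'
}

# Scan every reference in the list file, print a summary, and return
# non-zero if any line is not digest-pinned or any scan fails.
scan_list() {
  list=$1 failed=0 total=0
  while IFS= read -r ref || [ -n "$ref" ]; do
    case $ref in ''|'#'*) continue ;; esac   # skip blank lines and comments
    total=$((total + 1))
    if ! is_pinned_ref "$ref"; then
      echo "REJECT (not digest-pinned): $ref" >&2
      failed=$((failed + 1))
      continue
    fi
    # </dev/null keeps the scanner from consuming the rest of the list
    # in case it reads standard input.
    if "$SCANNER" --verbose scan operator --spec "$ref" </dev/null; then
      echo "PASS: $ref"
    else
      echo "FAIL: $ref" >&2
      failed=$((failed + 1))
    fi
  done < "$list"
  echo "scanned=$total failed=$failed"
  [ "$failed" -eq 0 ]
}

# Run only when a list file is given, e.g.: ./scan-images.sh kiali-6-1-3.txt
if [ "$#" -gt 0 ]; then
  scan_list "$1"
  exit $?
fi
```

Every image is scanned even after an earlier failure, so one run reports all non-compliant images before the stage fails.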