Details
Story
Resolution: Unresolved
Description
As an OpenShift operator
I would like CSO to respect my ICSP rules
So it can scan images from my internal registry instead of reaching out to the internet
NOTES
- ICSP definition: https://github.com/openshift/api/blob/a6156965faae5ce117e3cd3735981a3fc0e27e27/operator/v1alpha1/types_image_content_source_policy.go#L25-L44
- How CSO checks if registry supports security scans: https://github.com/quay/container-security-operator/blob/44a4493ddf0fe9adea82906adf6be073f02e61fb/labeller/labeller.go#L305
- Registries.conf documentation: https://github.com/containers/image/blob/main/docs/containers-registries.conf.5.md
ACCEPTANCE CRITERIA
- ICSP rules are interpreted by the CSO operator
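
A sketch of what interpreting ICSP rules could look like, added here as an example and not taken from CSO or from this ticket: it resolves an image reference to the ordered list of references to try, following the documented `repositoryDigestMirrors` semantics (digest references only, mirrors in listed order, source last). `DigestMirror`, `CandidateRefs`, the longest-source tie-break (modelled on registries.conf prefix matching) and the sample registry names are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// DigestMirror holds the two fields of one ICSP repositoryDigestMirrors entry.
type DigestMirror struct {
	Source  string
	Mirrors []string
}

// CandidateRefs returns the pull references to try, in order, for image.
// Hypothetical helper for illustration; not part of CSO.
func CandidateRefs(image string, rules []DigestMirror) []string {
	repo, digest, byDigest := strings.Cut(image, "@")
	if !byDigest {
		return []string{image} // ICSP only applies to digest references
	}
	var best *DigestMirror
	for i := range rules {
		src := rules[i].Source
		// Match whole path components only, and prefer the longest source.
		if repo != src && !strings.HasPrefix(repo, src+"/") {
			continue
		}
		if best == nil || len(src) > len(best.Source) {
			best = &rules[i]
		}
	}
	if best == nil {
		return []string{image}
	}
	suffix := strings.TrimPrefix(repo, best.Source)
	refs := make([]string, 0, len(best.Mirrors)+1)
	for _, m := range best.Mirrors {
		refs = append(refs, fmt.Sprintf("%s%s@%s", m, suffix, digest))
	}
	return append(refs, image) // source is lower priority than all mirrors
}

func main() {
	// Constructed sample rule and image reference.
	rules := []DigestMirror{{Source: "quay.io/org", Mirrors: []string{"registry.internal.example/org"}}}
	for _, r := range CandidateRefs("quay.io/org/app@sha256:"+strings.Repeat("0", 64), rules) {
		fmt.Println(r)
	}
}
```

The last element is always the original reference, so a caller in a disconnected cluster would stop after the mirror entries instead of falling through to it.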