Kritis should do more things than just scanning for known vulnerabilities. What I'd like to see is checking for signatures, verifying that tests have been run and test coverage is above a certain threshold, open source license compliance, etc.
I think it should provide some generic interface to verify an image against arbitrary metadata from Grafeas, which leads us to the idea of integrating Kritis with Gatekeeper.
It could look like this: Kritis provides Grafeas data including attestation information to Gatekeeper so that Gatekeeper can make admission decisions.
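As an added illustration of the generic-interface idea above (example code, not Kritis or Gatekeeper code), here is a toy admission check that evaluates an image's metadata records against several rules at once: a trusted-signer attestation, a vulnerability severity ceiling, a test-coverage threshold, and a license allowlist. The record layout, image digests and signer identity are constructed placeholders and do not follow the real Grafeas occurrence schema.

```python
SEVERITY_RANK = {"MINIMAL": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample records keyed by image digest (placeholder digests). The field
# layout is a simplified stand-in for Grafeas occurrences, not the real Grafeas schema.
SAMPLE_METADATA = {
    "gcr.io/example/app@sha256:0000": [  # expected: admitted
        {"kind": "ATTESTATION", "signer": "build-bot@example.com"}, {"kind": "VULNERABILITY", "severity": "MEDIUM"},
        {"kind": "BUILD", "tests_passed": True, "coverage": 0.87}, {"kind": "PACKAGE", "license": "MIT"}],
    "gcr.io/example/app@sha256:1111": [  # expected: denied on every rule
        {"kind": "VULNERABILITY", "severity": "HIGH"}, {"kind": "BUILD", "tests_passed": True, "coverage": 0.42},
        {"kind": "PACKAGE", "license": "AGPL-3.0"}],
}

def of_kind(occurrences, kind):
    return [o for o in occurrences if o.get("kind") == kind]

# Each rule takes an image's occurrences and returns a list of violation strings (empty = pass).
def require_attestation(trusted_signers):
    return lambda occ: ([] if any(o.get("signer") in trusted_signers for o in of_kind(occ, "ATTESTATION"))
                        else ["no attestation from a trusted signer"])

def max_severity(limit):
    def rule(occ):
        worst = max((SEVERITY_RANK.get(o.get("severity"), 0) for o in of_kind(occ, "VULNERABILITY")), default=0)
        return [] if worst <= SEVERITY_RANK[limit] else [f"vulnerability severity above {limit}"]
    return rule

def require_tests(min_coverage):
    def rule(occ):
        builds = of_kind(occ, "BUILD")
        if not builds or not all(b.get("tests_passed") for b in builds):
            return ["tests not run or not passed"]
        cov = min(b.get("coverage", 0.0) for b in builds)
        return [] if cov >= min_coverage else [f"coverage {cov:.2f} below {min_coverage:.2f}"]
    return rule

def allowed_licenses(allowlist):
    return lambda occ: [f"license not allowed: {o['license']}" for o in of_kind(occ, "PACKAGE")
                        if o.get("license") not in allowlist]

def admission_decision(image, metadata, rules):
    """Deny when any rule reports a violation; an image with no metadata fails closed."""
    occ = metadata.get(image)
    if occ is None:
        return False, ["no metadata for image"]
    reasons = [r for rule in rules for r in rule(occ)]
    return not reasons, reasons

POLICY = [require_attestation({"build-bot@example.com"}), max_severity("MEDIUM"),
          require_tests(0.8), allowed_licenses({"MIT", "Apache-2.0", "BSD-3-Clause"})]
```

Calling `admission_decision(image, SAMPLE_METADATA, POLICY)` returns the allow/deny verdict together with every reason for denial, which is the shape of answer an admission controller would need from such an interface.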
Hi @hendrikhalkow, this is an important topic to investigate.
Currently, alternative checks can be done during the signing process using tools such as Grafeas Voucher.
See also Gatekeeper issue 1293.