docker-bench-security v1.3.5 needs to be signed, tagged and published.

v1.3.5 was just released; https://github.com/docker/docker-bench-security/releases/tag/v1.3.5. The image needs to be signed by Docker, have a :latest and a version tag added to the image and published.

Nov 06 '19 07:11 konstruktoid

Relates to #329

Nov 06 '19 07:11 konstruktoid

@diogomonica @docker/security?

Nov 06 '19 14:11 konstruktoid

https://github.com/orgs/docker/teams/security/discussions/1

Nov 12 '19 08:11 konstruktoid

Hmm, Diogo no longer works at Docker. I don't actually know who has access to the signing key (there may be a copy in the safe). @konstruktoid who has done this in the past?

Nov 12 '19 13:11 justincormack

Hi @justincormack, that's good to know since he was the creator (https://github.com/docker/docker-bench-security/commit/487307834fa12a98181365df9bac7225f79a8083) and original maintainer.

He also signed and pushed the images in the past, https://github.com/docker/docker-bench-security/issues/138.

Nov 12 '19 13:11 konstruktoid

Any progress @justincormack @docker/security?

Feb 13 '20 08:02 konstruktoid

A pity that this issue did not get proper attention during the 5 month since creation. All recent additions/improvements are not delivered to image consumers, so everyone is using a 1.3.4 version.

We've managed to workaround it by pushing our own image built on latest state of master branch. But that obviously is not a way we'd like to handle (sitting on upstream docker/docker-bench-security would be way better for obvious reasons).

Apr 11 '20 09:04 illyaMs

I totally agree @illyaMs.

Any progress @justincormack @docker/security?

Apr 11 '20 10:04 konstruktoid

Monthly reminder, @justincormack.

May 19 '20 07:05 konstruktoid

@konstruktoid I would like to contribute for this issue to be solved. Can you please guide me

May 21 '20 04:05 yaminisridaran

Thanks @yaminisridaran , but this is done by the Docker organization. Previously by Diogo Mónica and now ... someone else. See https://github.com/docker/docker-bench-security/issues/405#issuecomment-552887772.

May 22 '20 08:05 konstruktoid

Ping @justincormack

Jul 07 '20 08:07 konstruktoid

Ping @justincormack

Nov 18 '20 12:11 konstruktoid

~~Monthly~~ Yearly reminder.

@justincormack

Feb 23 '21 10:02 konstruktoid

This has caused a lot of time for me to debug (that the latest docker version is not up to date with the sources here). Maybe we should add this to the README until it is resolved?

Jan 06 '22 16:01 michi88

So sorry about that @michi88, I actually thought there was. I merged https://github.com/docker/docker-bench-security/pull/494

Jan 06 '22 20:01 konstruktoid

Hello @konstruktoid, Will there be a new release of docker-bench? Running the script from the master branch, states it is version 1.3.6 but it has not been released. Thank You! (Btw it is a nice piece of work!)