
Reading Vulnerabilities Report in ECR and sign the image

konthamvivek opened this issue 3 years ago · 1 comment

Question

Docker images are hosted in Elastic Container Registry in AWS, and image scanning is enabled in the container registry, where I can get the vulnerabilities report of a Docker image. I need to sign the Docker image with the vulnerabilities report (if vulnerabilities are high and critical, the image should not be signed). Can we do the vulnerabilities check validating with a policy and sign the image using cosign?

konthamvivek, Aug 19 '22 06:08
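One way to build the gate the question describes, as an added example that is not from the issue thread or from the cosign project: a pipeline step evaluates the ECR scan result against a fail-closed policy (no HIGH or CRITICAL findings, scan must be COMPLETE) and only then invokes `cosign sign`. The `aws` and `cosign` command lines, the key path and the image reference are assumptions about the caller's environment; the scan responses below are constructed samples in the shape `aws ecr describe-image-scan-findings` returns.

```python
import json
import subprocess

BLOCKING_SEVERITIES = ("CRITICAL", "HIGH")


def evaluate_scan(scan_response: dict) -> tuple:
    """Return (allowed, reason) for an ECR describe-image-scan-findings response.

    Fails closed: a missing or unfinished scan blocks signing, as does any
    finding at a blocking severity.
    """
    status = scan_response.get("imageScanStatus", {}).get("status")
    if status != "COMPLETE":
        return False, f"scan status is {status!r}, not COMPLETE"
    counts = scan_response.get("imageScanFindings", {}).get("findingSeverityCounts", {})
    blocked = {s: counts.get(s, 0) for s in BLOCKING_SEVERITIES if counts.get(s, 0) > 0}
    if blocked:
        return False, "blocking findings: " + ", ".join(f"{k}={v}" for k, v in blocked.items())
    return True, "no HIGH/CRITICAL findings"


def fetch_scan(repo: str, digest: str, region: str) -> dict:
    """Pull the scan result with the AWS CLI (assumed installed and authenticated)."""
    out = subprocess.run(
        ["aws", "ecr", "describe-image-scan-findings", "--repository-name", repo,
         "--image-id", f"imageDigest={digest}", "--region", region, "--output", "json"],
        check=True, capture_output=True, text=True).stdout
    return json.loads(out)


def sign_if_clean(image_ref: str, scan_response: dict, key_path: str) -> bool:
    """Sign image_ref (pin it by digest, not tag) only when the policy passes."""
    allowed, reason = evaluate_scan(scan_response)
    print(f"{image_ref}: {reason}")
    if not allowed:
        return False  # leave the image unsigned so admission policy rejects it
    subprocess.run(["cosign", "sign", "--key", key_path, image_ref], check=True)
    return True


# Constructed samples (not real scans) in the shape ECR returns.
SAMPLE_CLEAN = {"imageScanStatus": {"status": "COMPLETE"},
                "imageScanFindings": {"findingSeverityCounts": {"MEDIUM": 3, "LOW": 7}}}
SAMPLE_BLOCKED = {"imageScanStatus": {"status": "COMPLETE"},
                  "imageScanFindings": {"findingSeverityCounts": {"CRITICAL": 1, "HIGH": 4}}}
SAMPLE_PENDING = {"imageScanStatus": {"status": "IN_PROGRESS"}, "imageScanFindings": {}}

if __name__ == "__main__":
    for name, sample in (("clean", SAMPLE_CLEAN), ("blocked", SAMPLE_BLOCKED), ("pending", SAMPLE_PENDING)):
        print(name, evaluate_scan(sample))
```

In a real pipeline, call `fetch_scan` with the pushed image's digest and pass the result to `sign_if_clean`; the policy thresholds live in `BLOCKING_SEVERITIES`.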

Hey! This might be a better question for slack. This is definitely possible, but the right approach will vary depending on your build system and security scanner. Can you ask in there and we can help out?

dlorenc, Aug 20 '22 00:08

Discussed in slack, closing!

dlorenc, Aug 24 '22 15:08