
scout attest ootb policy #18606

Merged
merged 2 commits into from
Nov 10, 2023

Conversation

dvdksn (Collaborator) commented Nov 6, 2023

  • scout: add attestation ootb policy
  • build: clarify default image store limitation

@dvdksn dvdksn requested a review from crazy-max as a code owner November 6, 2023 15:11

netlify bot commented Nov 6, 2023

Deploy Preview for docsdocker ready!

Latest commit: 241040e
Latest deploy log: https://app.netlify.com/sites/docsdocker/deploys/654e464d4be999000803dc31
Deploy Preview: https://deploy-preview-18606--docsdocker.netlify.app/scout/policy

@dvdksn dvdksn requested a review from a team November 7, 2023 08:26
@dvdksn dvdksn force-pushed the scout-attest-ootb-policy branch 2 times, most recently from f09774d to c44a79e Compare November 7, 2023 08:29
aevesdocker
aevesdocker previously approved these changes Nov 7, 2023
@dvdksn dvdksn force-pushed the scout-attest-ootb-policy branch from 7114da9 to 6391863 Compare November 8, 2023 17:39
[provenance](../../build/attestations/slsa-provenance.md) attestations.

This policy is unfulfilled if an artifact is lacking either an SBOM
attestation, or a provenance attestation with information about the Git

Review comment on the excerpt above:

condition is backwards here, should be

..., or a provenance attestation without information about the Git repository and base images is being used

dvdksn (Collaborator, Author) replied:

Maybe the wording is not perfect here but saying that "policy is unfulfilled if an artifact is lacking [...] a provenance attestation without information about the Git repository and base images" becomes a double negative.

Review comment:

It reads to me currently as

policy is unfulfilled if ... a provenance attestation with information about the Git repository and base images is being used.

which is the opposite of what we want.

Maybe this?

This policy is unfulfilled if an artifact is lacking either an SBOM attestation
or a provenance attestation, or if the provenance is lacking information
about the Git repository and base images used.

dvdksn (Collaborator, Author) replied:

your suggestion reads better, let me update it
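The policy condition as finally worded in the thread above, encoded as a check and run against constructed attestation sets that hit each failure mode (no SBOM, no provenance, provenance without Git repository information, provenance without base image information). This is an added example, not code from this PR or from Docker Scout; the in-toto predicateType values, the `invocation.configSource.uri` and `materials` fields, the BuildKit metadata key and the idea that the Dockerfile frontend appears as a material follow the shape BuildKit-generated attestations take as far as I know, and the sample statements are constructed, so treat all of that as assumptions.

```python
"""Evaluate an image's attached attestations against the policy wording agreed above."""

# Predicate types BuildKit uses for SBOM and provenance attestations (assumed to match what it emits).
SBOM_PREDICATE = "https://spdx.dev/Document"
PROVENANCE_PREDICATE = "https://slsa.dev/provenance/v0.2"
# Key under which BuildKit stores its extra provenance metadata, including VCS info (assumption).
BUILDKIT_METADATA = "https://mobyproject.org/buildkit@v1#metadata"
# The Dockerfile frontend image also shows up under materials; it is not a base image (assumption).
FRONTEND_PREFIX = "pkg:docker/docker/dockerfile"


def predicates_of(statements, predicate_type):
    """Return the predicate bodies of every in-toto statement of the given type."""
    return [s.get("predicate", {}) for s in statements if s.get("predicateType") == predicate_type]


def git_source(prov):
    """Git repository recorded in a provenance predicate: the config source URI when the
    build used a git context, else the VCS source BuildKit records from a local .git dir."""
    uri = prov.get("invocation", {}).get("configSource", {}).get("uri")
    if uri:
        return uri
    vcs = prov.get("metadata", {}).get(BUILDKIT_METADATA, {}).get("vcs", {})
    return vcs.get("source") or None


def base_images(prov):
    """Base image references among the materials: pkg:docker/ PURLs, minus the frontend."""
    uris = [str(m.get("uri", "")) for m in prov.get("materials", [])]
    return [u for u in uris if u.startswith("pkg:docker/") and not u.startswith(FRONTEND_PREFIX)]


def evaluate(statements):
    """Return (compliant, reasons). Unfulfilled if the SBOM or provenance attestation is
    missing, or if the provenance lacks Git repository or base image information."""
    reasons = []
    if not predicates_of(statements, SBOM_PREDICATE):
        reasons.append("missing SBOM attestation")
    provenances = predicates_of(statements, PROVENANCE_PREDICATE)
    if not provenances:
        reasons.append("missing provenance attestation")
    for prov in provenances:
        if git_source(prov) is None:
            reasons.append("provenance lacks Git repository information")
        if not base_images(prov):
            reasons.append("provenance lacks base image information")
    return (not reasons, reasons)


# --- constructed sample attestations (not real BuildKit output) ---

def statement(predicate_type, predicate):
    return {
        "_type": "https://in-toto.io/Statement/v0.1",
        "predicateType": predicate_type,
        "subject": [{"name": "pkg:docker/example/app", "digest": {"sha256": "0" * 64}}],
        "predicate": predicate,
    }


def provenance(git_uri=None, vcs_source=None, materials=()):
    pred = {"buildType": "https://mobyproject.org/buildkit@v1",
            "invocation": {"configSource": {}}, "materials": list(materials), "metadata": {}}
    if git_uri:
        pred["invocation"]["configSource"]["uri"] = git_uri
    if vcs_source:
        pred["metadata"][BUILDKIT_METADATA] = {"vcs": {"source": vcs_source, "revision": "abc1234"}}
    return statement(PROVENANCE_PREDICATE, pred)


SBOM = statement(SBOM_PREDICATE, {"spdxVersion": "SPDX-2.3", "name": "example-app"})
FRONTEND = {"uri": "pkg:docker/docker/dockerfile@1", "digest": {"sha256": "1" * 64}}
ALPINE = {"uri": "pkg:docker/alpine@3.18?platform=linux%2Famd64", "digest": {"sha256": "2" * 64}}
REPO = "https://github.com/example/app.git"

FULLY_ATTESTED = [SBOM, provenance(git_uri=REPO + "#refs/heads/main", materials=[FRONTEND, ALPINE])]
LOCAL_GIT_DIR = [SBOM, provenance(vcs_source=REPO, materials=[ALPINE])]
NO_SBOM = [provenance(git_uri=REPO, materials=[ALPINE])]
NO_GIT_INFO = [SBOM, provenance(materials=[ALPINE])]
NO_BASE_IMAGES = [SBOM, provenance(git_uri=REPO, materials=[FRONTEND])]

if __name__ == "__main__":
    for name, atts in [("fully attested", FULLY_ATTESTED), ("local .git dir", LOCAL_GIT_DIR),
                       ("no SBOM", NO_SBOM), ("no git info", NO_GIT_INFO), ("no base images", NO_BASE_IMAGES)]:
        ok, reasons = evaluate(atts)
        print(f"{name}: {'compliant' if ok else 'unfulfilled'} {reasons}")
```

The `NO_BASE_IMAGES` case is the one worth keeping in mind when reading the final wording: a provenance that lists only the Dockerfile frontend under materials still "has" materials, so a checker that does not distinguish the frontend from real base images would wrongly pass it.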

@dvdksn dvdksn requested a review from aevesdocker November 9, 2023 09:19
aevesdocker
aevesdocker previously approved these changes Nov 9, 2023
usha-mandya (Member) left a comment:

Noted a minor suggestion. Looks good otherwise

@dvdksn dvdksn force-pushed the scout-attest-ootb-policy branch from 781ade2 to 241040e Compare November 10, 2023 15:03
@dvdksn dvdksn requested a review from usha-mandya November 10, 2023 15:03
@dvdksn dvdksn merged commit dadaefc into docker:main Nov 10, 2023
7 checks passed
5 participants