Migrate to hardening_manifest.yaml
Please review the contents of the new `hardening_manifest.yaml` file.
The `image_name`, `image_tag`, `image_parent_name`, `image_parent_tag`, and `container_owner` fields in the greylist will no longer be used. The greylist will be updated in a future MR.
`image_name` and `image_tag` have been replaced with the new `name` and `tags` fields in `hardening_manifest.yaml`.
`master` branch while you work on an update with a new tag in development or feature branches.
`image_parent_name` and `image_parent_tag` have been replaced by `BASE_IMAGE` and `BASE_TAG` in the `args:` section of `hardening_manifest.yaml`. You can also add custom args like `MY_VERSION` that are referenced as `ARG MY_VERSION` in your `Dockerfile`.
Please review the following:
- Tags
  - The most specific tag should be at the top of the `tags` list. For example, `v1.2.3` comes before `v1.2`.
  - The first tag will be shown on https://ironbank.dsop.io
  - Additional tags may be added if desired and will be published to https://registry1.dsop.io
- Labels
  - `org.opencontainers.image.title`: Required. Human-readable title of the image
  - `org.opencontainers.image.description`: Required. Human-readable description of the software packaged in the image
  - `org.opencontainers.image.licenses`: Required. License(s) under which contained software is distributed. Please use the SPDX identifier if using a standard open source license.
  - `org.opencontainers.image.url`: URL to find more information on the image
  - `org.opencontainers.image.vendor`: Required. Name of the distributing entity, organization or individual
  - `org.opencontainers.image.version`: Required. Human readable version of the image. This is typically identical to the first tag.
  - `mil.dso.ironbank.image.keywords`: Keywords to help with search (ex. "cicd,gitops,golang")
  - `mil.dso.ironbank.image.type`: This value can be "opensource" or "commercial"
  - `mil.dso.ironbank.product.name`: Product the image belongs to for grouping multiple images. If you have multiple images that you would like grouped together on https://ironbank.dsop.io, use the same product name on them all.
- Maintainers
  - Please add any additional external vendor contacts or CHT internal members to this list if they maintain this container.
  - Add any Iron Bank team members who maintain this container with `cht_member: true` set
  - The current `container_owner` has already been added to the `maintainers:` section of `hardening_manifest.yaml`.
  - Can include POCs in technical and/or support roles. For containers which require licenses or subscriptions, it is encouraged to include a point of contact who can provide assistance in this regard, in addition to a technical POC.
The pipeline will not run successfully for this MR until all of the required fields are added.
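
One way to check the fields listed above locally before pushing, as an added example that is not Iron Bank's own pipeline code. It assumes the manifest has already been loaded into a Python dict with `labels` and `args` as mappings and that both `BASE_IMAGE` and `BASE_TAG` keys are expected; the tag-order test is a prefix heuristic, and `check_manifest` and the sample values are hypothetical.

```python
# Added example (not Iron Bank code): check a parsed hardening_manifest.yaml.
REQUIRED_LABELS = [
    "org.opencontainers.image.title",
    "org.opencontainers.image.description",
    "org.opencontainers.image.licenses",
    "org.opencontainers.image.vendor",
    "org.opencontainers.image.version",
]
IMAGE_TYPES = {"opensource", "commercial"}


def check_manifest(m):
    """Return a list of problems; an empty list means the checks passed."""
    problems = []
    if not m.get("name"):
        problems.append("name is missing")
    tags = [str(t) for t in m.get("tags") or []]
    if not tags:
        problems.append("tags is empty")
    # v1.2 listed before v1.2.3: the more specific tag must come first.
    for i, early in enumerate(tags):
        for late in tags[i + 1:]:
            if late != early and late.startswith(early + "."):
                problems.append(f"tag {late} should come before {early}")
    args = m.get("args") or {}
    for key in ("BASE_IMAGE", "BASE_TAG"):
        if key not in args:
            problems.append(f"args.{key} is missing")
    labels = m.get("labels") or {}
    for key in REQUIRED_LABELS:
        if not str(labels.get(key) or "").strip():
            problems.append(f"label {key} is missing or empty")
    kind = labels.get("mil.dso.ironbank.image.type")
    if kind is not None and kind not in IMAGE_TYPES:
        problems.append(f"image.type {kind!r} is not opensource or commercial")
    if not m.get("maintainers"):
        problems.append("maintainers is empty")
    return problems


# Constructed sample, in the dict shape a YAML loader is assumed to return.
SAMPLE = {
    "name": "example/app",
    "tags": ["v1.2", "v1.2.3"],
    "args": {"BASE_IMAGE": "example/base", "BASE_TAG": "8.2"},
    "labels": {"org.opencontainers.image.title": "app",
               "mil.dso.ironbank.image.type": "free"},
    "maintainers": [{"name": "Example Person", "cht_member": False}],
}
```

Calling `check_manifest(SAMPLE)` reports the misordered tags, the four missing required labels and the unrecognised image type.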