updated hardening

675aaffc · Vickie Shen · 49513cf0 · 675aaffc · 675aaffc
Commit 675aaffc authored Dec 18, 2020 by Vickie Shen
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 20 deletions

Dockerfile Dockerfile +4 -4

hardening_manifest.yaml hardening_manifest.yaml +11 -16

No files found.
--- a/Dockerfile
+++ b/Dockerfile
-ARG BASE_REGISTRY=nexus-docker-secure.levelup-dev.io
+ARG BASE_REGISTRY=registry1.dsop.io
 ARG BASE_IMAGE=ubi8
-ARG BASE_TAG=8.2
+ARG BASE_TAG=8.3
 FROM vault:1.6.0 AS source
@@ -17,11 +17,11 @@ RUN groupadd -g 1001 vault && \
    mkdir -p /vault/config && \
    chown -R vault:vault /vault
-EXPOSE 8200 
+EXPOSE 8200
 USER vault
 HEALTHCHECK --interval=5m --timeout=30s --start-period=1m --retries=3 \
-  CMD curl -f http://locahost:8200/v1/sys/health?standbyok=true || exit 1 
+  CMD curl -f http://locahost:8200/v1/sys/health?standbyok=true || exit 1
 ENTRYPOINT ["docker-entrypoint.sh"]
 CMD ["server"]
--- a/hardening_manifest.yaml
+++ b/hardening_manifest.yaml
@@ -20,20 +20,20 @@ args:
 labels:
  org.opencontainers.image.title: "vault"
  ## Human-readable description of the software packaged in the image
-  # org.opencontainers.image.description: "FIXME"
+  org.opencontainers.image.description: "Vault is a tool for securely accessing secrets."
  ## License(s) under which contained software is distributed
-  # org.opencontainers.image.licenses: "FIXME"
+  org.opencontainers.image.licenses: "MPL-2.0"
  ## URL to find more information on the image
-  # org.opencontainers.image.url: "FIXME"
+  org.opencontainers.image.url: "https://www.vaultproject.io/"
  ## Name of the distributing entity, organization or individual
-  # org.opencontainers.image.vendor: "FIXME"
+  org.opencontainers.image.vendor: "Hashicorp"
  org.opencontainers.image.version: "1.6.0"
  ## Keywords to help with search (ex. "cicd,gitops,golang")
-  # mil.dso.ironbank.image.keywords: "FIXME"
+  mil.dso.ironbank.image.keywords: "opensource"
  ## This value can be "opensource" or "commercial"
-  # mil.dso.ironbank.image.type: "FIXME"
+  mil.dso.ironbank.image.type: "opensource"
  ## Product the image belongs to for grouping multiple images
-  # mil.dso.ironbank.product.name: "FIXME"
+  mil.dso.ironbank.product.name: "Apache vault"
 # List of resources to make available to the offline build context
 resources:
@@ -41,15 +41,10 @@ resources:
  url: docker://docker.io/library/vault@sha256:b04266db3e7ece92690df720fcf98ecf138a92ed3d1edc14dc86fe814c33ab9b
 # List of project maintainers
-# FIXME: Fill in the following details for the current container owner in the whitelist
-# FIXME: Include any other vendor information if applicable
 maintainers:
- email: "brianmiller@cloudfitsoftware.com"
+- email: "shen_vickie@bah.com"
 #   # The name of the current container owner
-#   name: "FIXME"
+  name: "Vickie Shen"
 #   # The gitlab username of the current container owner
-#   username: "FIXME"
+  username: "shen_vickie"
-#   cht_member: true # FIXME: Uncomment if the maintainer is a member of CHT
+  cht_member: true
-# - name: "FIXME"
-#   username: "FIXME"
-#   email: "FIXME"