UNCLASSIFIED - NO CUI

Research Spike: Generate body of evidence for an approved container


Description

Generate a body of evidence for an approved container. This would mean wrapping up the greylist files (once security updates them with justifications) and publishing them for use by IBFE and eventually the Stargate CDS.

Purpose

We need a record of the items going into containers and the associated vulnerabilities. This could include Blackduck scans as well if that becomes a requirement.

Plan

  • This will likely need to live outside of the pipeline because of the delay in the whitelist generation. Need to determine whether this is going to run on a schedule or not.
  • Would need to test in collaboration with the IBFE team.

Possible Blockers/Challenges

  • May need to get the Blackduck implementation working if those scans become a requirement.

  • Integration with IBFE could require changes on their part.

Acceptance Criteria

  • Validation from security and IBFE and Stargate??
  • Needs more detail here.
Edited by Tim Seagren