Allow to specify a path in trusted_registries data (KSV-0125) #10166
Closed
lucasmaurice
started this conversation in
Ideas
Replies: 2 comments
Hi @lucasmaurice !
For example:

```rego
container_image_uses_untrusted_repository(container) if {
	image_parts := split(container.image, "/")
	count(image_parts) > 1

	# Repository = every segment except the last one (image name and tag).
	# array.slice is the OPA built-in for slicing arrays.
	repository := concat("/", array.slice(image_parts, 0, count(image_parts) - 1))
	not is_repository_trusted(repository)
}

# A repository is trusted when it starts with one of the trusted entries.
is_repository_trusted(repository) if {
	some trusted in all_trusted_repositories
	startswith(repository, trusted)
}

deny contains res if {
	some container in kubernetes.containers
	container_image_uses_untrusted_repository(container)
	...
}
```
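A variant of the `is_repository_trusted` helper from the reply above, as an added example that is not part of the original discussion or the project's own check: a trusted entry that includes a path is matched only on an exact hit or at a `/` boundary, so a sibling path that merely begins with the same characters is not accepted. The package name, the `repository_of` helper, the allow-list value and the sample images are constructed for illustration, and `all_trusted_repositories` is defined locally here.

```rego
# Added example; package name and sample data are constructed.
package example.trusted_repository_path

import rego.v1

# Constructed allow-list entry: registry host plus the company-managed path.
all_trusted_repositories := {"northamerica-northeast1-docker.pkg.dev/my-company/my-images"}

# Repository = image reference without its last segment (image name, tag, digest).
repository_of(image) := repository if {
	parts := split(image, "/")
	count(parts) > 1
	repository := concat("/", array.slice(parts, 0, count(parts) - 1))
}

# Case 1: the repository is exactly a trusted entry.
is_repository_trusted(repository) if {
	some trusted in all_trusted_repositories
	repository == trim_suffix(trusted, "/")
}

# Case 2: the repository is a sub-path of a trusted entry.
# The prefix must end at a "/" so "my-images-copy" does not match "my-images".
is_repository_trusted(repository) if {
	some trusted in all_trusted_repositories
	startswith(repository, sprintf("%s/", [trim_suffix(trusted, "/")]))
}

# Constructed sample image references.
sample_images := [
	"northamerica-northeast1-docker.pkg.dev/my-company/my-images/api:1.0",
	"northamerica-northeast1-docker.pkg.dev/my-company/my-images/team-a/api:1.0",
	"northamerica-northeast1-docker.pkg.dev/my-company/my-images-copy/api:1.0",
	"northamerica-northeast1-docker.pkg.dev/other-project/images/api:1.0",
]

trusted_samples contains image if {
	some image in sample_images
	is_repository_trusted(repository_of(image))
}

untrusted_samples contains image if {
	some image in sample_images
	not is_repository_trusted(repository_of(image))
}
```

Evaluating `data.example.trusted_repository_path` with `opa eval -d <file>` lists the first two sample images under `trusted_samples` and the last two under `untrusted_samples`.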
Huum okok I see, thanks!
Description
It's very nice to be able to add custom domains as trusted registries, but in some cases it is a shared domain and the company-managed domain is on a sub-path. Ex for GCP:
northamerica-northeast1-docker.pkg.dev/my-company/my-images
It would be nice to be able to allow the registry with the path, and not only the domain, so that we can limit to the images that we host.
Thanks a lot!
Target
Filesystem
Scanner
Misconfiguration