Type: Task
Resolution: Unresolved
Priority: Major - P3
Affects Version/s: None
Component/s: None
Released container images MUST be signed with a MongoDB-owned or managed key.
Drivers MUST generate SBOM Lite documents for releases and provide those to Silk. As mentioned in the Scope: Onboard Shipped Products to Silk, the docker sbom command may be used. Providing SBOM Lite documents to Silk via S3 uploads for container images may be preferable to maintaining them in a git repository.
A list of software bundled within container releases MUST be provided to DevProd for reporting purposes.
Drivers MUST configure container scanning (e.g. using Snyk).
- is related to: DRIVERS-2897 SSDLC requirements for released container images (Closed)