Uploaded image for project: 'C++ Driver'
  1. C++ Driver
  2. CXX-3062

SSDLC requirements for released container images

    • Type: Icon: Task Task
    • Resolution: Unresolved
    • Priority: Icon: Major - P3 Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • C Drivers
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?

      Released container images MUST be signed with a MongoDB-owned or managed key.

      Drivers MUST generate SBOM Lite documents for releases and provide those to Silk. As mentioned in the Scope: Onboard Shipped Products to Silk, the docker sbom command may be used. Providing SBOM Lite documents to Silk via S3 uploads for container imagesĀ  may be preferable to maintaining it in a git repository.

      A list of software bundled within container releases MUST be provided to DevProd for reporting purposes.

      Drivers MUST configure container scanning (e.g. using Snyk).

            Assignee:
            Unassigned Unassigned
            Reporter:
            tom.selander@mongodb.com Tom Selander
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated: