DRIVERS-2897

SSDLC requirements for released container images

    • Type: Task
    • Resolution: Won't Do
    • Priority: Unknown
    • Component/s: Security
      Key             Status/Resolution    FixVersion
      CDRIVER-5539    Won't Do
      CXX-3012        Won't Do
      CSHARP-5052     Won't Do
      GODRIVER-3191   Won't Do
      JAVA-5434       Won't Do
      NODE-6117       Works as Designed
      MOTOR-1306      Won't Do
      PYTHON-4387     Won't Do
      PHPLIB-1438     Won't Do
      RUBY-3453       Won't Do
      RUST-1923       Won't Do

      Note: drivers that do not publish container images can disregard this ticket.

      Released container images MUST be signed with a MongoDB-owned or managed key.

      Drivers MUST generate SBOM Lite documents for releases and provide those to Silk. As mentioned in the Scope: Onboard Shipped Products to Silk, the docker sbom command may be used. Providing SBOM Lite documents to Silk via S3 uploads for container images may be preferable to maintaining them in a git repository.

      A list of software bundled within container releases MUST be provided to DevProd for reporting purposes.

      Drivers MUST configure container scanning (e.g. using Snyk).

            Assignee: Unassigned
            Reporter: Jeremy Mikola (jmikola@mongodb.com)
            Votes: 0
            Watchers: 4
