Type: Task
Resolution: Won't Do
Priority: Unknown
Component/s: Security
Note: drivers that do not publish container images can disregard this ticket.
Released container images MUST be signed with a MongoDB-owned or managed key.
Drivers MUST generate SBOM Lite documents for releases and provide those to Silk. As mentioned in the Scope: Onboard Shipped Products to Silk, the docker sbom command may be used. Providing SBOM Lite documents to Silk via S3 uploads for container images may be preferable to maintaining them in a git repository.
A list of software bundled within container releases MUST be provided to DevProd for reporting purposes.
Drivers MUST configure container scanning (e.g. using Snyk).
- related to
  - CXX-3062 SSDLC requirements for released container images (Backlog)
- split to
  - CDRIVER-5539 SSDLC requirements for released container images (Closed)
  - CSHARP-5052 SSDLC requirements for released container images (Closed)
  - CXX-3012 SSDLC requirements for released container images (Closed)
  - GODRIVER-3191 SSDLC requirements for released container images (Closed)
  - JAVA-5434 SSDLC requirements for released container images (Closed)
  - MOTOR-1306 SSDLC requirements for released container images (Closed)
  - NODE-6117 SSDLC requirements for released container images (Closed)
  - PHPLIB-1438 SSDLC requirements for released container images (Closed)
  - PYTHON-4387 SSDLC requirements for released container images (Closed)
  - RUBY-3453 SSDLC requirements for released container images (Closed)
  - RUST-1923 SSDLC requirements for released container images (Closed)