DRIVERS-2897

SSDLC requirements for released container images

    • Type: Task
    • Resolution: Unresolved
    • Priority: Unknown
    • Component/s: Security
    • Labels: None
      Key             Status/Resolution   FixVersion
      CDRIVER-5539    Blocked
      CXX-3012        Blocked
      CSHARP-5052     Blocked
      GODRIVER-3191   Blocked
      JAVA-5434       Won't Do
      NODE-6117       Works as Designed
      MOTOR-1306      Blocked
      PYTHON-4387     Won't Do
      PHPLIB-1438     Blocked
      RUBY-3453       Blocked
      RUST-1923       Won't Do

      Note: drivers that do not publish container images can disregard this ticket.

      Released container images MUST be signed with a MongoDB-owned or managed key.

      Drivers MUST generate SBOM Lite documents for releases and provide those to Silk. As mentioned in the Scope: Onboard Shipped Products to Silk, the docker sbom command may be used. Providing SBOM Lite documents to Silk via S3 uploads for container images may be preferable to maintaining it in a git repository.

      A list of software bundled within container releases MUST be provided to DevProd for reporting purposes.
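
An added example (not part of the ticket or of any MongoDB tooling): one way to derive the bundled-software list from the output of the docker sbom command. It assumes the SBOM was written with `--format cyclonedx-json` or `--format spdx-json`; the function names and sample documents are constructed for illustration, and the page does not say whether either format matches what Silk or DevProd expect.

```python
import json

# Constructed sample in the shape of `docker sbom --format cyclonedx-json`;
# package names and versions are made up. The duplicate entry is intentional.
SAMPLE_CYCLONEDX = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "zlib-example", "version": "1.0.0",
         "purl": "pkg:deb/debian/zlib-example@1.0.0"},
        {"type": "library", "name": "libexample", "version": "1.2.3",
         "purl": "pkg:deb/debian/libexample@1.2.3"},
        {"type": "library", "name": "libexample", "version": "1.2.3",
         "purl": "pkg:deb/debian/libexample@1.2.3"},
    ]})

# Constructed sample in the shape of `docker sbom --format spdx-json`.
SAMPLE_SPDX = json.dumps({
    "spdxVersion": "SPDX-2.3",
    "packages": [
        {"name": "libexample", "versionInfo": "1.2.3", "externalRefs": [
            {"referenceCategory": "PACKAGE-MANAGER", "referenceType": "purl",
             "referenceLocator": "pkg:deb/debian/libexample@1.2.3"}]},
    ]})

def _spdx_purl(pkg):
    # SPDX records the package URL as an external reference of type "purl".
    for ref in pkg.get("externalRefs", []):
        if ref.get("referenceType") == "purl":
            return ref.get("referenceLocator", "")
    return ""

def bundled_software(sbom_text):
    """Return sorted, de-duplicated (name, version, purl) tuples."""
    doc = json.loads(sbom_text)
    if doc.get("bomFormat") == "CycloneDX":
        rows = [(c.get("name", ""), c.get("version", ""), c.get("purl", ""))
                for c in doc.get("components", [])]
    elif "spdxVersion" in doc:
        rows = [(p.get("name", ""), p.get("versionInfo", ""), _spdx_purl(p))
                for p in doc.get("packages", [])]
    else:
        raise ValueError("unrecognised SBOM format")
    if not rows:
        # Fail loudly so a broken scan is not reported as an empty image.
        raise ValueError("SBOM lists no packages")
    return sorted(set(rows))

if __name__ == "__main__":
    for name, version, purl in bundled_software(SAMPLE_CYCLONEDX):
        print(f"{name}\t{version}\t{purl}")
```
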

      Drivers MUST configure container scanning (e.g. using Snyk).

            Assignee: Unassigned
            Reporter: Jeremy Mikola (jmikola@mongodb.com)
            Votes: 0
            Watchers: 2