graylog-docker icon indicating copy to clipboard operation
graylog-docker copied to clipboard
verified publisher icon Graylog2

Enable content trust

Open ghost opened this issue 7 years ago • 3 comments

Please sign your Docker images using content trust.

Signed images allow user to verify that the images are not tampered with.

ghost avatar Jun 15 '18 07:06 ghost

@natlibfi-arlehiko Do you know how that would work with automated builds on Docker Hub? I don't see how we could sign the images during the build process on Docker Hub.

joschi avatar Jun 15 '18 07:06 joschi

If the images are built by Docker Hub then they would be signed with their keys. Enabling content trust for automated builds seems not to be implemented.

I've contacted Docker about this. I'll updated this issue when they get back to me.

quay.io might support automated signing of images.

natlibfi-arlehiko avatar Jun 15 '18 07:06 natlibfi-arlehiko

Maybe it would also be a good idea to have the Graylog container image as a official docker image? https://docs.docker.com/docker-hub/official_images/

ntimo avatar May 07 '19 05:05 ntimo