  1. Server Deployments and Scale
  2. SCALE-62

Sign Atlassian images on dockerhub


Details

    • Suggestion
    • Resolution: Unresolved
    • Docker

    Description

      We'd like to establish a trusted chain. However, currently the bitbucket-server image is unsigned.

      % docker trust inspect atlassian/bitbucket-server
      []
      No signatures or cannot access atlassian/bitbucket-server
      

      The main security concern is to be sure the images pulled from dockerhub are signed by Atlassian with the private key, which is stored securely on the vendor side.

      If Atlassian can sign the images before pushing them to dockerhub, we can pull them securely, and in case the image doesn't have a valid signature we drop it.

          People

            Unassigned
            rmadalozzo Rodrigo M (Inactive)
            Votes: 2
            Watchers: 2

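One way to automate the check the description asks for, as an added example that is not Atlassian's or the reporter's code: it reads the output of `docker trust inspect` and pulls a tag only when trust data covers it. The JSON field names (`SignedTags`, `SignedTag`, `Digest`) are assumed from the output format of `docker trust inspect`, and the sample repository name and digest are constructed.

```python
import json
import os
import subprocess

# Constructed samples: "[]" is what the page shows for an unsigned repository;
# the signed sample (repo name and digest) is made up for illustration.
UNSIGNED = "[]"
SIGNED = json.dumps([{"Name": "example/signed-app", "SignedTags": [
    {"SignedTag": "1.0", "Digest": "ab" * 32, "Signers": ["Repo Admin"]}]}])


def signed_digest(inspect_json, tag):
    """Return the signed digest for `tag`, or None when no trust data covers it."""
    try:
        repos = json.loads(inspect_json or "[]")
    except json.JSONDecodeError:
        return None  # unparsable output counts as unsigned (fail closed)
    if not isinstance(repos, list):
        return None
    for repo in repos:
        tags = (repo.get("SignedTags") or []) if isinstance(repo, dict) else []
        for entry in tags:
            if entry.get("SignedTag") == tag and entry.get("Digest"):
                return entry["Digest"]
    return None


def pull_if_signed(repo, tag):
    """Pull repo:tag only if it is signed; return a digest-pinned reference."""
    out = subprocess.run(["docker", "trust", "inspect", repo],
                         capture_output=True, text=True).stdout
    digest = signed_digest(out, tag)
    if digest is None:
        raise RuntimeError(f"{repo}:{tag} has no signature, dropping it")
    # With DOCKER_CONTENT_TRUST=1 the docker CLI itself refuses unsigned tags.
    env = dict(os.environ, DOCKER_CONTENT_TRUST="1")
    subprocess.run(["docker", "pull", f"{repo}:{tag}"], check=True, env=env)
    return f"{repo}@sha256:{digest}"


if __name__ == "__main__":
    print(signed_digest(UNSIGNED, "latest"))  # unsigned repository
    print(signed_digest(SIGNED, "1.0"))       # signed tag
```

The returned `repo@sha256:...` reference can be recorded in deployment manifests so later pulls resolve to the same signed content.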