Server Deployments and Scale / SCALE-62

Sign Atlassian images on dockerhub


    • Type: Suggestion
    • Resolution: Unresolved
    • Environment - Docker

      We'd like to establish a trusted chain. However, currently the bitbucket-server image is unsigned.

      % docker trust inspect atlassian/bitbucket-server
      []
      No signatures or cannot access atlassian/bitbucket-server
      

      The main security concern is to be sure the images pulled from dockerhub are signed by Atlassian with the private key which is stored securely on the vendor side.

      If Atlassian can sign the images before pushing them to dockerhub, we can pull them securely, and in case the image doesn't have a valid signature we drop it.

              Assignee: Unassigned
              Reporter: rmadalozzo Rodrigo M (Inactive)
              Votes: 2
              Watchers: 2

                Created:
                Updated:
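
The "drop it if there is no valid signature" gate requested above, as an added example (not code from this issue or from Atlassian): it parses the output of `docker trust inspect` and pulls by the signed digest only. The function names, the signer name `release-bot` and the sample record are assumptions constructed for illustration.

```python
import json
import subprocess

class UnsignedImage(Exception):
    """Raised when no acceptable signature covers the requested tag."""

def signed_digest(inspect_json, tag, required_signer=None):
    """Return the sha256 hex digest signed for `tag`, or raise UnsignedImage.

    inspect_json is the stdout of `docker trust inspect <repo>`; an unsigned
    repository yields "[]", as in the report above.
    """
    try:
        repos = json.loads(inspect_json or "[]")
    except json.JSONDecodeError as exc:
        raise UnsignedImage(f"unparseable trust data: {exc}") from exc
    if not isinstance(repos, list):
        raise UnsignedImage("unexpected trust data shape")
    for repo in repos:
        for entry in repo.get("SignedTags", []):
            if entry.get("SignedTag") != tag:
                continue
            if required_signer and required_signer not in entry.get("Signers", []):
                raise UnsignedImage(f"{tag} is not signed by {required_signer}")
            digest = entry.get("Digest", "")
            if len(digest) == 64 and all(c in "0123456789abcdef" for c in digest):
                return digest
            raise UnsignedImage(f"malformed digest for {tag}")
    raise UnsignedImage(f"no signature for tag {tag}")

def pull_verified(repo, tag, required_signer=None):
    """Pull repo:tag by its signed digest; refuse the pull if it is unsigned."""
    # No check=True here: an unsigned repo prints "[]" and may exit non-zero.
    out = subprocess.run(["docker", "trust", "inspect", repo],
                         capture_output=True, text=True).stdout
    digest = signed_digest(out, tag, required_signer)
    # Pulling by digest pins the exact content the signature covers.
    subprocess.run(["docker", "pull", f"{repo}@sha256:{digest}"], check=True)
    return digest

# Constructed sample of signed output (repo, digest and signer are made up).
SIGNED_SAMPLE = json.dumps([{
    "Name": "example/app",
    "SignedTags": [{"SignedTag": "1.0", "Digest": "ab" * 32,
                    "Signers": ["release-bot"]}],
}])
```

Setting `DOCKER_CONTENT_TRUST=1` in the client environment makes `docker pull` itself refuse unsigned tags; the script adds the per-signer check on top of that.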