Enhancements to Genval#46
Merged
Merged
Conversation
|
Hi there 👋, @DryRunSecurity here, below is a summary of our analysis and findings.
Note 🟢 Risk threshold not exceeded. Tip Get answers to your security questions. Add a comment in this PR starting with @DryRunSecurity. For example... Powered by DryRun Security |
Add genval as root and container command for generating and validating Dockerfile using Refo policies Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
showJSON command is a helper command for printing the JSON representation of passed .tf and Dockerfiles to StdOut. This visual representation in JSON format of Terraform files and Dockerfiles will enable users to write custom policies in Rego or CEL. Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
TODO: Test the verification by providing the Cosign public key TODO: Enhance error logging Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
TODO: Test command TODO: Write examples Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
…results to StdOut Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
… URL needs be in begin with oci:// for artifcat pull/push Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
…ring a new tagged release Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
… using CEL Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Now, Pull command looks for and uses DefaultKeychain in '~/.docker/config.json. if not found, fallbacks to username:password format geting the data from env variables Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
…s auth from artifact push Move create workspace to a dedicated func, and adds signature verification step prompting user input to proceed if verification fails because of mismatch of signatures. if user decides to continue, creates workspace. artifact push is not behaving as expected by adding withAuthConfig(username, password) for auth. Hence, removed for timebeing. Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
Signed-off-by: Santosh Kaluskar <ksantosh@intelops.dev>
devopstoday11
approved these changes
Apr 5, 2024
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR enhances
genvalwith following features:cue.moddependency from the executable Closes Move cue.mod out of genval binary #15cuecommand - Closes Implement validation/generation of multiple JSON/YAML files in Cue mode #9Additionally, Genval can now validate Dockerfile, Kubernetes manifests, and Terraform files either with Rego or Common Expression Language (CEL).
@devopstoday11