mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-07 07:51:38 +01:00
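---
# Kyverno CLI test manifest for the image supply-chain policies
# (image-sec-001 to image-sec-006). It loads the policy files listed under
# `policies`, evaluates them against the manifest listed under `resources`,
# and compares the outcome with the expectations under `results`.
apiVersion: cli.kyverno.io/v1alpha1
kind: Test
metadata:
  name: image-sec
# Policy files under test, referenced relative to this file.
policies:
  - image-sec-001_latest-tag.yaml
  - image-sec-002_trusted-registry.yaml
  - image-sec-003_digest.yaml
  - image-sec-004_signature.yaml
  - image-sec-005_sbom.yaml
  - image-sec-006_provenance.yaml
# Manifest the policies are evaluated against.
# NOTE(review): presumably the rendered deployment output; confirm that the
# pipeline regenerates it before this test runs, so a stale file is not tested.
resources:
  - ../../../rendered.yaml
# No policy exceptions are supplied to the test run.
exceptions: []
# Expected outcome per policy/rule pair.
# NOTE(review): the entries name no specific resources; confirm how the
# Kyverno CLI version in use scopes such entries, so that a `pass` expectation
# cannot be met without any resource having been evaluated.
results:
  # image-sec-001
  - policy: disallow-latest-tag
    rule: require-image-tag
    result: pass
  - policy: disallow-latest-tag
    rule: validate-image-tag
    result: pass
  # image-sec-002
  - policy: restrict-image-registries
    rule: validate-registries
    result: pass
  # image-sec-003
  - policy: require-image-checksum
    rule: require-image-checksum
    result: pass
  # image-sec-004
  - policy: verify-image
    rule: verify-image
    result: pass
  # image-sec-005
  # Expectation disabled: the SBOM policy file is still loaded above, but no
  # result is asserted for it, so this test does not cover SBOM verification.
  #- policy: verify-sbom-cyclonedx
  #  rule: verify-sbom-cyclonedx
  #  result: pass
  # image-sec-006
  # Expectation disabled: the provenance policy file is still loaded above,
  # but no result is asserted for it, so this test does not cover SLSA
  # provenance verification.
  #- policy: verify-slsa-provenance-keyless
  #  rule: verify-slsa-provenance-keyless
  #  result: pass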