Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Improve dockerfile verify #3260

Closed
BobyMCbobs opened this issue Sep 25, 2023 · 3 comments · Fixed by #3264
Closed

Improve dockerfile verify #3260

BobyMCbobs opened this issue Sep 25, 2023 · 3 comments · Fixed by #3264
Labels
enhancement New feature or request

Comments

@BobyMCbobs
Copy link
Contributor

Description

The command cosign dockerfile verify ./Dockerfile works great if a Dockerfile contains literal image names but not for anything else.

I'd like the two following methods to be supported

  1. resolve from variable
ARG IMAGE=myimage:mytag
FROM $IMAGE

(ARG or ENV)

  1. image in COPY
COPY --from=myimage:mytag /etc/passwd /etc/passwd

/assign
@BobyMCbobs BobyMCbobs added the enhancement New feature or request label Sep 25, 2023
@EraKin575
Copy link

I would like to work on this issue

@EraKin575
Copy link

/assign

@BobyMCbobs
Copy link
Contributor Author

BobyMCbobs commented Sep 28, 2023
edited
Loading

@EraKin575, thank you, though I've already assigned myself to this and am working on it.

@BobyMCbobs BobyMCbobs mentioned this issue Sep 28, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: improve dockerfile verify subcommand BobyMCbobs/sigstore-cosign
2 participants
@BobyMCbobs @EraKin575