Bitbucket Cloud / BCLOUD-14444

Allow docker image to be pulled by digest hash

    Description

      Since we use publicly available images from sources like Docker Hub, we could not guarantee that someone modifies the image. Worst case, an attacker could change the image to put a trojan in our binaries.

      So, how to prevent this?

      I think that it will be a very good idea to add a checksum verification to Pipelines. This way, we could test and analyze the image. Combined with the checksum we could guarantee that the tested and analyzed image is used for builds.

          People

            Unassigned
            Cornelis Hoeflake
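The check this request asks for, sketched as an added example (not part of the original issue and not Bitbucket Pipelines code): a digest-pinned reference names an image by the SHA-256 of its manifest bytes, so content that differs from what was tested fails the comparison, while a tag-only reference gives no such guarantee. The image names and manifest bytes are constructed, and the function names are hypothetical.

```python
import hashlib
import re

# Digest-pinned reference: repository (optionally with a tag), then
# "@sha256:" and 64 lowercase hex characters.
_DIGEST_RE = re.compile(r"^(?P<repo>[^@\s]+)@sha256:(?P<hex>[0-9a-f]{64})$")


def pinned_digest(image_ref):
    """Return the sha256 hex digest a reference is pinned to, or None."""
    m = _DIGEST_RE.match(image_ref.strip())
    return m.group("hex") if m else None


def manifest_matches(image_ref, manifest_bytes):
    """True only if the reference is digest-pinned and the bytes hash to it."""
    expected = pinned_digest(image_ref)
    if expected is None:
        return False  # a tag such as :latest can be re-pointed at other content
    return hashlib.sha256(manifest_bytes).hexdigest() == expected


def audit(image_refs):
    """Split references into (pinned, mutable) lists for a build-config review."""
    pinned, mutable = [], []
    for ref in image_refs:
        (pinned if pinned_digest(ref) else mutable).append(ref)
    return pinned, mutable


# Constructed sample data: the manifest that was tested and analyzed,
# a modified copy of it, and a reference pinned to the tested one.
REVIEWED_MANIFEST = b'{"schemaVersion": 2, "layers": ["constructed-example"]}'
TAMPERED_MANIFEST = REVIEWED_MANIFEST.replace(b"constructed", b"trojaned")
PINNED_REF = ("example/build-env@sha256:"
              + hashlib.sha256(REVIEWED_MANIFEST).hexdigest())

if __name__ == "__main__":
    print(audit(["example/build-env:latest", PINNED_REF]))
    print(manifest_matches(PINNED_REF, REVIEWED_MANIFEST))
    print(manifest_matches(PINNED_REF, TAMPERED_MANIFEST))
```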