You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Can I craft policies for docker images ?
I would like to implement the following policy in regula.
Is it possible for me to write a similar policy using regula, or will I need to build my own user libraries to implement this policy ?
package builtin.dockerfile.DS002
import data.lib.docker
# get_user returns all the usernames from
# the USER command.
get_user[username] {
user := docker.user[_]
username := user.Value[_]
}
# fail_user_count is true if there is no USER command.
fail_user_count {
count(get_user) < 1
}
# fail_last_user_root is true if the last USER command
# value is "root"
fail_last_user_root[lastUser] {
users := [user | user := docker.user[_]; true]
lastUser := users[count(users) - 1]
lastUser.Value[0] == "root"
}
deny[res] {
fail_user_count
msg := "Specify at least 1 USER command in Dockerfile with non-root user as argument"
res := result.new(msg, {})
}
deny[res] {
cmd := fail_last_user_root[_]
msg := "Last USER command in Dockerfile should not be 'root'"
res := result.new(msg, cmd)
}
The text was updated successfully, but these errors were encountered:
Can I craft policies for docker images ?
I would like to implement the following policy in regula.
Is it possible for me to write a similar policy using regula, or will I need to build my own user libraries to implement this policy ?
The text was updated successfully, but these errors were encountered: