Support specifying multiple registries in the trust policy #289

FeynmanZhou · 2023-12-22T09:27:52Z

From the trust policy spec, it requires users to specify a list of one or more fully qualified repository URIs in the registryScopes.

However, this requirement limits the verification scope to repository level and narrows the verification scenario. If users want to specify all repositories under multiple registries in the registryScopes, it will be inconvenient.

I would suggest extending the scope to registry level. It will enable users to specify not only repositories but also registries in the registryScopes.

For example:

"registryScopes": [
              "registry.acme-rockets.io",
              "wabbit-networks.io"
            ]

The text was updated successfully, but these errors were encountered:

yizha1 · 2024-03-01T06:27:21Z

Besides policies on registry level, it will be good to support policy on image level for more granularity, for example,

"registryScopes": [
              "registry.acme-rockets.io/software/net-monitor:v1",
              "registry.acme-rockets.io/software/net-logger:v2"
            ]

FeynmanZhou added enhancement New feature or request spec triage labels Dec 22, 2023

yizha1 removed the triage label Dec 26, 2023

yizha1 added this to the Future milestone Dec 26, 2023

yizha1 mentioned this issue Mar 5, 2024

[question] registryScopes in trust policy #278

Open

yizha1 modified the milestones: Future, 1.2.0 Jun 4, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Support specifying multiple registries in the trust policy #289

Support specifying multiple registries in the trust policy #289

FeynmanZhou commented Dec 22, 2023

yizha1 commented Mar 1, 2024

Support specifying multiple registries in the trust policy #289

Support specifying multiple registries in the trust policy #289

Comments

FeynmanZhou commented Dec 22, 2023

yizha1 commented Mar 1, 2024