Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support specifying multiple registries in the trust policy #289

Open
FeynmanZhou opened this issue Dec 22, 2023 · 1 comment
Open

Support specifying multiple registries in the trust policy #289

FeynmanZhou opened this issue Dec 22, 2023 · 1 comment
Labels
enhancement New feature or request spec
Milestone

Comments

@FeynmanZhou
Copy link
Member

From the trust policy spec, it requires users to specify a list of one or more fully qualified repository URIs in the registryScopes.

However, this requirement limits the verification scope to repository level and narrows the verification scenario. If users want to specify all repositories under multiple registries in the registryScopes, it will be inconvenient.

I would suggest extending the scope to registry level. It will enable users to specify not only repositories but also registries in the registryScopes.

For example:

"registryScopes": [
              "registry.acme-rockets.io",
              "wabbit-networks.io"
            ]
@FeynmanZhou FeynmanZhou added enhancement New feature or request spec triage labels Dec 22, 2023
@yizha1 yizha1 removed the triage label Dec 26, 2023
@yizha1 yizha1 added this to the Future milestone Dec 26, 2023
@yizha1
Copy link
Contributor

yizha1 commented Mar 1, 2024

Besides policies on registry level, it will be good to support policy on image level for more granularity, for example,

"registryScopes": [
              "registry.acme-rockets.io/software/net-monitor:v1",
              "registry.acme-rockets.io/software/net-logger:v2"
            ]

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request spec
Projects
None yet
Development

No branches or pull requests

2 participants