Disclaimer: This is not an official Google product.
This project contains a set of tools to help with the implementation of Binary Authorization in Google Cloud.
A Go program that parses the JSON output of the vulnerabilities for an image in Google Container Registry (GCR). If any of the vulnerabilities are higher than the CVSS threshold, it exits with an error.
Wait for a vulnerability scan to complete for a particular image in GCR then run the CVE Checker against it to make sure that no vulnerabilites are higher than the threshold.
Options:
-p <project ID> Project ID
-i <image path> Full image path including sha (gcr.io/my-project/image-name@sha256:....)
-t <CVSS Threshold> Maximum CVSS score allowed in discovered CVEs
Creates an attestation for the given artifact using Cloud KMS.
Global options:
-p <project>
ID of the Google Cloud project (e.g. "my-project")
-i <image>
Full image including SHA (e.g. "gcr.io/my-project/my-image@sha245:...")
Attestor options:
-a <attestor>
ID of the attestor (e.g. "my-attestor")
-A <attestor project>
ID of the project where the attestor exists. Defaults to the global
project ID.
KMS options:
-v <kms key version>
Version of the KMS key to use for signing (e.g. "1")
-k <kms key>
Name of the KMS get (e.g. "my-key")
-l <kms location>
Location of the KMS key (e.g. "global")
-r <kms key ring>
Name of the KMS keyring (e.g. "my-keyring")
-V <kms project>
ID of the project where the KMS key exists. Defaults to the global
project ID.
See CONTRIBUTING
Copyright 2019, Google, Inc. Licensed under the Apache License, Version 2.0
See LICENSE.
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent