SIG-Scanning Introduction

endophage · June 13, 2017, 11:00pm

Docker would like to invite you to join a new special interest group forming around security scanning within the Moby project. The SIG-scanning group intends to work towards standardization of scanning outputs and a structured way to attach that metadata to container images. We feel this will help the community to grow and develop a common interface for data sharing.

A strawman design document can be found here. We are actively interested in community feedback on the design – please feel free to comment to help us improve.

This special interest group will have its inaugural kickoff meeting at the Moby Summit on June 19 at Docker HQ in San Francisco. More information on that event can be found here.

stevvooe · June 13, 2017, 11:42pm

Is commentary on the design document going to be opened up?

In general, it would be good to use OCI descriptors and digests when referencing image components.

endophage · June 13, 2017, 11:46pm

Opened for commenting. Can you point me at a reference for he OCI descriptors? Happy to make that update.

stevvooe · June 14, 2017, 6:18pm

I added it in the doc in a comment. Let me know if that is enough!

Topic		Replies	Views
2017-06-19 Meeting Notes scanning	0	2673	June 20, 2017
2017-07-31 Meeting Notes scanning	2	1571	August 9, 2017
2017-07-10 Meeting scanning	5	1692	July 27, 2017
2017/10/23 - Meeting Notes scanning	0	1389	October 25, 2017
2017-06-19: Orchestration Security SIG meeting orchestration-security	0	2407	June 26, 2017

SIG-Scanning Introduction

Related Topics