SIG-Scanning Introduction


#1

Docker would like to invite you to join a new special interest group forming around security scanning within the Moby project. The SIG-scanning group intends to work towards standardization of scanning outputs and a structured way to attach that metadata to container images. We feel this will help the community to grow and develop a common interface for data sharing.

A strawman design document can be found here. We are actively interested in community feedback on the design – please feel free to comment to help us improve.

This special interest group will have its inaugural kickoff meeting at the Moby Summit on June 19 at Docker HQ in San Francisco. More information on that event can be found here.


#2

Is commentary on the design document going to be opened up?

In general, it would be good to use OCI descriptors and digests when referencing image components.


#3

Opened for commenting. Can you point me at a reference for the OCI descriptors? Happy to make that update.


#4

I added it in the doc in a comment. Let me know if that is enough!