Cole Kennedy 🔐 🔗’s Post

I Help Organizations Shift Compliance Left | Veteran | Co-founder

We are shifting compliance left with #Witness and #Hadolint. Want to ensure your Dockerfiles meet compliance controls? This short guide can help you automate the reporting of AC-6, CM-2, and CM-7 for every artifact, every time. This is the first in a long series on how to shift compliance left. Follow me and subscribe to never miss out. If there is a tool you would like us to look at and map, please let me know in the comments. https://lnkd.in/etNRetSQ

Brandt Keller

OSS Enthusiast | CNCF TAG Security Tech Lead | USMC Veteran

3w

Appreciate the article. The attestation ensures the exact command is executed; is there any reason this attestation shouldn't also include measuring the outcome of the hadolint command? I assume something else was processing the outcome, which makes me interested in whether attestations should include both the command enforcement AND evidence measurement against policy. We might have policies within policies 😅 but it would be quite provenant.

Josiah Ritchie

.* as Code or it doesn't exist

4w

Oooh, I like mapping controls to hadolint rules. It is an exciting glimpse into the future.
