We are shifting compliance left with #Witness and #Hadolint. Want to ensure your Dockerfiles meet compliance controls? This short guide can help you automate the reporting of AC-6, CM-2, and CM-7 for every artifact, every time. This is the first in a long series on how to shift compliance left. Follow me and subscribe to never miss out. If there is a tool you would like us to look at and map, please let me know in the comments. https://lnkd.in/etNRetSQ
Appreciate the article. The attestation ensures the exact command is executed; is there any reason this attestation shouldn't also include measuring the outcome of the hadolint command? I assume something else was processing the outcome, which makes me interested in whether attestations should include both the command enforcement AND evidence measurement against policy. We might have policies within policies 😅, but it would be quite provenant.
Oooh, I like mapping controls to hadolint rules. It is an exciting glimpse into the future.
https://productgovernance.substack.com/p/compliance-as-code-with-witness-and