diff --git a/.vib/chainloop-artifact-cas/vib-verify.json b/.vib/chainloop-artifact-cas/vib-verify.json
new file mode 100644
index 0000000000000..ed4f5cd241cab
--- /dev/null
+++ b/.vib/chainloop-artifact-cas/vib-verify.json
@@ -0,0 +1,57 @@
+{
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "{VIB_ENV_PATH}"
+ }
+ },
+ "phases": {
+ "package": {
+ "actions": [
+ {
+ "action_id": "container-image-package",
+ "params": {
+ "application": {
+ "details": {
+ "name": "{VIB_ENV_CONTAINER}",
+ "tag": "{VIB_ENV_TAG}"
+ }
+ },
+ "architectures": [
+ "linux/amd64",
+ "linux/arm64"
+ ]
+ }
+ },
+ {
+ "action_id": "container-image-lint",
+ "params": {
+ "threshold": "error"
+ }
+ }
+ ]
+ },
+ "verify": {
+ "actions": [
+ {
+ "action_id": "trivy",
+ "params": {
+ "threshold": "LOW",
+ "vuln_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "grype",
+ "params": {
+ "threshold": "CRITICAL",
+ "package_type": [
+ "OS"
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
diff --git a/.vib/chainloop-control-plane-migrations/vib-verify.json b/.vib/chainloop-control-plane-migrations/vib-verify.json
new file mode 100644
index 0000000000000..ed4f5cd241cab
--- /dev/null
+++ b/.vib/chainloop-control-plane-migrations/vib-verify.json
@@ -0,0 +1,57 @@
+{
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "{VIB_ENV_PATH}"
+ }
+ },
+ "phases": {
+ "package": {
+ "actions": [
+ {
+ "action_id": "container-image-package",
+ "params": {
+ "application": {
+ "details": {
+ "name": "{VIB_ENV_CONTAINER}",
+ "tag": "{VIB_ENV_TAG}"
+ }
+ },
+ "architectures": [
+ "linux/amd64",
+ "linux/arm64"
+ ]
+ }
+ },
+ {
+ "action_id": "container-image-lint",
+ "params": {
+ "threshold": "error"
+ }
+ }
+ ]
+ },
+ "verify": {
+ "actions": [
+ {
+ "action_id": "trivy",
+ "params": {
+ "threshold": "LOW",
+ "vuln_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "grype",
+ "params": {
+ "threshold": "CRITICAL",
+ "package_type": [
+ "OS"
+ ]
+ }
+ }
+ ]
+ }
+ }
+}
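Review bot: Both scanners in the `verify` phase of `.vib/chainloop-artifact-cas/vib-verify.json` are restricted to operating-system packages (`"vuln_type": ["OS"]` for trivy, `"package_type": ["OS"]` for grype), so vulnerabilities in the application's own bundled dependencies would not be evaluated by either action. If these images ship a compiled application binary, that is likely where much of the exposure sits; consider widening both lists to the scanners' application-level package class if the pipeline supports one, or state in the PR description why it is excluded. The two gates also use different severity values (`"threshold": "LOW"` for trivy against `"threshold": "CRITICAL"` for grype), and it is worth confirming that this gap is intended rather than copied. The same content is added verbatim for `chainloop-control-plane-migrations` and `chainloop-control-plane` (same blob `ed4f5cd241cab`), so the point applies to all three files.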
diff --git a/.vib/chainloop-control-plane/vib-verify.json b/.vib/chainloop-control-plane/vib-verify.json
new file mode 100644
index 0000000000000..ed4f5cd241cab
--- /dev/null
+++ b/.vib/chainloop-control-plane/vib-verify.json
@@ -0,0 +1,57 @@
+{
+ "context": {
+ "resources": {
+ "url": "{SHA_ARCHIVE}",
+ "path": "{VIB_ENV_PATH}"
+ }
+ },
+ "phases": {
+ "package": {
+ "actions": [
+ {
+ "action_id": "container-image-package",
+ "params": {
+ "application": {
+ "details": {
+ "name": "{VIB_ENV_CONTAINER}",
+ "tag": "{VIB_ENV_TAG}"
+ }
+ },
+ "architectures": [
+ "linux/amd64",
+ "linux/arm64"
+ ]
+ }
+ },
+ {
+ "action_id": "container-image-lint",
+ "params": {
+ "threshold": "error"
+ }
+ }
+ ]
+ },
+ "verify": {
+ "actions": [
+ {
+ "action_id": "trivy",
+ "params": {
+ "threshold": "LOW",
+ "vuln_type": [
+ "OS"
+ ]
+ }
+ },
+ {
+ "action_id": "grype",
+ "params": {
+ "threshold": "CRITICAL",
+ "package_type": [
+ "OS"
+ ]
+ }
+ }
+ ]
+ }
+ }
+}