Hi. Are there any plans to get the pact-broker doc...
# pact-brokerg
Gustavs
05/20/2022, 8:44 AMHi. Are there any plans to get the pact-broker docker image official? We wanted to use it in our project, but it was rejected by our security team, due to the reason that it is not official. Any thoughts on this?
b
Beth (pactflow.io/Pact Broker/pact-ruby)
05/20/2022, 8:45 AM
I'd be open to it, depending how much work it was.
b
Beth (pactflow.io/Pact Broker/pact-ruby)
05/20/2022, 8:58 AM
Thanks Ben. I'll have a read.
Beth (pactflow.io/Pact Broker/pact-ruby)
05/20/2022, 9:29 AM
Would the Pactflow image pass their requirements? It's the commercial version of the Pact Broker.
b
Ben Pilgrim
05/20/2022, 10:08 AMOur security teams policy is that docker images have to be docker official images, so we’d be out of luck on the pactflow image too. We’ve requested an exemption from the policy for our use case, so hopefully we can get the OSS image approved internally, but it would be ideal if it was possible to get an official image merged to the docker standard library.
g
Gustavs
05/23/2022, 10:26 AMHey, @Beth (pactflow.io/Pact Broker/pact-ruby). Did you get a chance to look into it? Is this something you are willing to do?
y
Yousaf Nabi (pactflow.io)
05/23/2022, 5:20 PM
Hi @Gustavs,
With respect, your request was made on Friday, and we have a weekend, so I would imagine Beth hasn’t had time to look into it.
I would suggest raising the want on our Canny feature request board https://pact.canny.io/
If you are able to provide any of the ground work in either making the necessary steps, or providing a skeleton of any tasks that would be required, it would greatly aid us in being able to make this happen.
Outside of that, we would need to prioritise and juggle accordingly. Will have a chat to the team.
@Ben Pilgrim re the following
Our security teams policy is that docker images have to be docker official imagesHow does this work for your own images created internally? How does this work for other projects you wish to use but don’t have official repos? Are you just unable to use them? I also note that
Docker Official Images are an intellectual property of Docker.Sounds gnarly
b
Ben Pilgrim
05/24/2022, 8:07 AM@Yousaf Nabi (pactflow.io)
How does this work for your own images created internally?Internally maintained images are allowed but have to be based off docker official images.
How does this work for other projects you wish to use but don’t have official repos? Are you just unable to use them?Pretty much. We’re going through the process internally of requesting an exception to the policy for the pact broker OSS image, so we will see how that turns out.
🤞 2
😭 1
4 Views