This repository has been archived by the owner on Sep 3, 2024. It is now read-only.

Policies for docker #371

Open
sadams-evi opened this issue Nov 8, 2022 · 0 comments


@sadams-evi

Can I craft policies for Docker images?
I would like to implement the following policy in Regula.
Is it possible for me to write a similar policy using Regula, or will I need to build my own user libraries to implement this policy?

package builtin.dockerfile.DS002

import data.lib.docker

# get_user returns all the usernames from
# the USER command.
get_user[username] {
	user := docker.user[_]
	username := user.Value[_]
}

# fail_user_count is true if there is no USER command.
fail_user_count {
	count(get_user) < 1
}

# fail_last_user_root is true if the last USER command
# value is "root"
fail_last_user_root[lastUser] {
	users := [user | user := docker.user[_]; true]
	lastUser := users[count(users) - 1]
	lastUser.Value[0] == "root"
}

deny[res] {
	fail_user_count
	msg := "Specify at least 1 USER command in Dockerfile with non-root user as argument"
	res := result.new(msg, {})
}

deny[res] {
	cmd := fail_last_user_root[_]
	msg := "Last USER command in Dockerfile should not be 'root'"
	res := result.new(msg, cmd)
}
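The issue has no replies, so whether Regula accepts Dockerfile input is not settled on this page. As an added example (not code from the issue, from Regula or from Trivy), the same check is written below as a self-contained OPA policy with its own test rules, so the logic can be exercised with plain `opa` no matter which scanner ends up hosting it. It assumes a Trivy-style parsed Dockerfile as input (`input.Stages[_].Commands[_]` objects with `Cmd` and `Value` fields; those names are an assumption) and uses constructed fixtures. It also goes a little beyond the posted rule: `USER 0`, `USER root:root` and `USER 0:0` count as root, and the last USER line is chosen in file order rather than from a set, which Rego iterates in sorted order.

```rego
package dockerfile.user_check

# Added example, not code from the issue, Regula or Trivy. It assumes a
# Trivy-style parsed Dockerfile as input: input.Stages[_].Commands[_]
# objects carrying a Cmd string and a Value array of strings. Those
# field names, and the fixtures at the bottom, are assumptions made here.

# Names and UIDs that mean "run as root" in a USER instruction:
# USER root, USER 0, USER root:root, USER 0:0.
root_ids := {"root", "0"}

# users lists the USER instructions in file order across all stages.
# An array comprehension is deliberate: a set would iterate in sorted
# order, and "last" has to mean last in the file.
users := [cmd |
	stage := input.Stages[_]
	cmd := stage.Commands[_]
	lower(cmd.Cmd) == "user"
]

# last_user is the final USER instruction; the container's main process
# runs as that user, whatever earlier USER lines said.
last_user := cmd {
	n := count(users)
	n > 0
	cmd := users[n - 1]
}

# is_root is true when the user part of "user[:group]" is root or UID 0.
is_root(value) {
	parts := split(value, ":")
	root_ids[parts[0]]
}

deny[msg] {
	count(users) == 0
	msg := "Specify at least 1 USER command in Dockerfile with non-root user as argument"
}

deny[msg] {
	is_root(last_user.Value[0])
	msg := sprintf("Last USER command in Dockerfile should not be root (found: USER %s)", [concat(" ", last_user.Value)])
}

# Constructed fixtures and tests; run them with: opa test -v user_check.rego
no_user := {"Stages": [{"Name": "final", "Commands": [
	{"Cmd": "from", "Value": ["alpine:3.18"]},
	{"Cmd": "run", "Value": ["apk add --no-cache curl"]}
]}]}

uid_zero_last := {"Stages": [{"Name": "final", "Commands": [
	{"Cmd": "from", "Value": ["alpine:3.18"]},
	{"Cmd": "user", "Value": ["app"]},
	{"Cmd": "user", "Value": ["0:0"]}
]}]}

drops_root := {"Stages": [{"Name": "final", "Commands": [
	{"Cmd": "from", "Value": ["alpine:3.18"]},
	{"Cmd": "user", "Value": ["root"]},
	{"Cmd": "run", "Value": ["apk add --no-cache curl"]},
	{"Cmd": "user", "Value": ["app:app"]}
]}]}

test_no_user_is_denied {
	count(deny) == 1 with input as no_user
}

test_uid_zero_last_is_denied {
	deny[msg] with input as uid_zero_last
	contains(msg, "USER 0:0")
}

test_dropping_root_passes {
	count(deny) == 0 with input as drops_root
}
```

`opa test -v user_check.rego` runs the three cases; against a real parsed Dockerfile, `opa eval -d user_check.rego -i parsed.json 'data.dockerfile.user_check.deny'` prints the findings. The file uses the same pre-1.0 Rego syntax as the posted policy (`deny[msg] { ... }`), so on OPA 1.0 or later pass `--v0-compatible` or rewrite the heads with `contains` and `if`. The third fixture is the case worth keeping: a Dockerfile that switches to root to install packages and then drops to an application user must pass, which is why only the last USER line is judged.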