Skip to content
This repository has been archived by the owner on Mar 10, 2024. It is now read-only.

chainguard-dev/text4shell-policy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

24 Commits
.github/workflows
.github/workflows
 
 
policy
policy
 
 
src/main/java
src/main/java
 
 
target
target
 
 
Dockerfile
Dockerfile
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
pom.xml
pom.xml
 
 
slsa.csv
slsa.csv
 
 

Repository files navigation

Text4Shell Demo

This demo shows how you can use Sigstore to validate your signed SBOMs against text4shell policies in Kubernetes or on the command line

Option 1: Check if your remote OCI image is affected using cue with cosign 2.0

cosign verify-attestation --policy policy/text4shell.cue --type https://cyclonedx.org/bom --certificate-identity-regexp=.* --certificate-oidc-issuer-regexp=.* ghcr.io/chainguard-dev/text4shell-policy:main

Option 2: Check using Enforce for Kubernetes with image built from this repo

chainctl policies create --group $DEMO_GROUP -f policy/text4shell-policy.yaml
kubectl label ns default policy.sigstore.dev/include=true --overwrite
kubectl run text4shell --image=ghcr.io/chainguard-dev/text4shell-policy:main

text4shell diagnostic

Clean Up

kubectl delete pod text4shell --grace-period=0
chainctl policy delete -y $(chainctl policy list -o json | jq -r '[.items[] | select(.name == "vuln-cve-2022-42889-text4shell")][0].id')
kubectl label ns default policy.sigstore.dev/include-

About

ClusterImagePolicy demo for cve-2022-42889 text4shell

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

4 stars

Watchers

5 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

 
 
 

Languages