[xani_]

And that kids is how it looks when security team just sits in their ivory tower and shits on everyone else in name of security theathre they're paid to play

> Overnight, all our builds (run on-prem) fail because npm install, pip install etc fail and we spent a long time trying to figure it out. They are still failing to this day and I have to get off the VPN every time I need to run these simple commands. IT absolutely doesn't give a flying ** about developers.

Add their cert to system store ? Won't help inside containers tho... without much fuckery

[slt2021]

You are not supposed to mess with certificates inside containers.

Security team should have provided you with golden image with hardened config, latest patches installed, and corporate certs installed in certificate store.

If they didnt, they aint doing correct DevSecOps/SecDevOps or whatever the fancy term is for integrating security within development team.

It is a big red flag that any developer can pull whatever image for container running in production, possibly with unpatched vulnerabilities and loose config and ports open, and running with root privileges, etc.

Usually stuff has to be vetted and checked prior to being deployed in production environment

[richbell]

> Add their cert to system store?

That's the fun part: every technology and tool has its own bespoke way of handling certificates, and it often isn't as simple as adding a certificate to the system store.

[bornfreddy]

Why not? Just mount a volume with certs and you're good to go. In every container, of course.