by tanepiper 276 days ago
Yes, also using multi-stage container - we output signed OCI to our repository and have Rekor and GitHub for SBOM and attestation.

Another huge pet peeve of mine is how hard it is to have a good container pipeline to build containers without running as root - we tried some of the alternatives but they all had drawbacks - the easiest is to just use GitHub Ubuntu images and hope for the best (although I recently saw some improvement in this area that we want to investigate).