Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

✈️ Devise new image upload system (including image scanning) #2901

Closed
4 tasks
Tracked by #2843
jhpyke opened this issue Jan 12, 2024 · 2 comments
Closed
4 tasks
Tracked by #2843

✈️ Devise new image upload system (including image scanning) #2901

jhpyke opened this issue Jan 12, 2024 · 2 comments
Labels
✈️ Airflow Migration Epic (Epic #2843) data-platform-apps-and-tools This issue is owned by Data Platform Apps and Tools enhancement enhancing an existing feature stale

Comments

@jhpyke
Copy link
Contributor

jhpyke commented Jan 12, 2024

User Story

As an… Airflow Maintainer
I need/want/expect to… have users upload images to airflow that are secure
So that… I can run a platform where we are confident that user code is safe to execute.

Value / Purpose

Users can currently upload images they build themselves, which allows users to self-service update their images while in development. In order to continue to follow best practice, we should create an image upload mechanism that surfaces security outcomes to users directly, so they can act on the information provided.

Useful Contacts

No response

User Types

No response

Hypothesis

No response

Proposal

No response

Additional Information

This is the current image upload mechanism. It functions by having repository level secrets stored in the template r and python repos, which then are available in user repositories based on this repo. This code is largely unchanged since its inception, and should be used as a reference, and not a template for the future action.

Definition of Done

  • Users are able to upload images that are accessible from within the new airflow environment.
  • Images are scanned prior to upload, and any security issues of HIGH or CRITICAL status are returned back to them.
  • Images with CRITICAL security issues are prevented from being uploaded to our ECR repositories.
  • A decision should be made on whether to allow images with HIGH status security issues.
@jhpyke jhpyke added the enhancement enhancing an existing feature label Jan 12, 2024
@jhpyke jhpyke changed the title ✈️ Devise new image upload system (including image scanning). ✈️ Devise new image upload system (including image scanning) Jan 12, 2024
@jhpyke jhpyke mentioned this issue Jan 12, 2024
Closed
16 tasks
@jhpyke jhpyke added data-platform-apps-and-tools This issue is owned by Data Platform Apps and Tools ✈️ Airflow Migration Epic (Epic #2843) labels Jan 16, 2024
@github-actions github-actions bot mentioned this issue Feb 1, 2024
Closed
@github-actions GitHub Actions
Copy link
Contributor

This issue is being marked as stale because it has been open for 60 days with no activity. Remove stale label or comment to keep the issue open.

@github-actions github-actions bot added the stale label Mar 17, 2024
@github-actions GitHub Actions
Copy link
Contributor

This issue is being closed because it has been open for a further 7 days with no activity. If this is still a valid issue, please reopen it, Thank you!

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Mar 24, 2024
@github-project-automation github-project-automation bot moved this from 👀 TODO to 🎉 Done in Analytical Platform Mar 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
✈️ Airflow Migration Epic (Epic #2843) data-platform-apps-and-tools This issue is owned by Data Platform Apps and Tools enhancement enhancing an existing feature stale
Projects
Analytical Platform
Archived in project
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jhpyke