Applying Specificity to Policy Configurations

While working on an earlier version of the Conforma project, I was presented with an interesting problem regarding policy configuration. The ability to intuitively express which rules should be included was not quite there yet. For example, consider the following snippet from a policy configuration:

    config:
      include:
        - slsa_build_scripted_build
        - attestation_type
      exclude:
        - attestation_type.pipelinerun_attestation_found

The . character is a package separator. foo.bar means the bar rule from the foo package. foo means all the rules in the foo package....

October 31, 2025

Using Host Certificates with Podman

Let’s say you want to launch a container locally with podman. Now, let’s say this container needs access to resources within your company’s internal network which use a custom root CA (Certificate Authority). You will certainly face certificate verification errors. This can be frustrating because, after all, you have already trusted that root CA for your host. This post is about extending that trust to containers launched by podman.

Failed Attempt

Your first attempt might be to simply mount your local CA bundle when launching the container, e....

April 14, 2025