Collection of Conftest policies for HACBS container sanity tests. The policies are written in Rego, the policy language of Open Policy Agent.
Requires the conftest and skopeo utilities to be installed on the system.
- Required and deprecated label policies for image metadata obtained by inspecting the image
- Deprecated repository policy for repository Pyxis data
- Unsigned RPM policy for RPM manifest Pyxis data
The image policies require access to the image repository.
skopeo inspect docker://"${IMAGE_UNDER_TEST}" > image_metadata.json
conftest test --policy policy/image image_metadata.json
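A sketch of what a required and deprecated label policy over the skopeo inspect output can look like. This is an added example, not one of the policies from this collection; the label names, the deny/warn split and the sample input are assumptions made for illustration.

```rego
package main

import rego.v1

# Assumed label sets for illustration; the real policies define their own lists.
required_labels := {"name", "version", "vendor"}

# Assumed mapping: deprecated label -> suggested replacement.
deprecated_labels := {"Architecture": "architecture", "INSTALL": "install"}

# skopeo inspect reports image labels under the top-level "Labels" key,
# which can be null or absent for images built without labels.
labels := l if {
	l := input.Labels
	is_object(l)
} else := {}

# A required label fails when it is missing or set to an empty string.
deny contains msg if {
	some name in required_labels
	object.get(labels, name, "") == ""
	msg := sprintf("required label %q is missing or empty", [name])
}

# Deprecated labels are reported as warnings (severity is an assumption).
warn contains msg if {
	some name, replacement in deprecated_labels
	labels[name]
	msg := sprintf("label %q is deprecated, use %q instead", [name, replacement])
}

# Unit test over constructed skopeo-style input; run with `opa test <dir>`.
test_labels if {
	sample := {"Name": "registry.example.com/app", "Labels": {
		"name": "app", "version": "1.0", "Architecture": "x86_64"
	}}
	deny == {"required label \"vendor\" is missing or empty"} with input as sample
	count(warn) == 1 with input as sample
	count(deny) == 3 with input as {"Labels": null}
}
```

Because the rules live in package main, conftest test picks them up without a namespace flag when the file is placed in the directory passed to --policy.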