Support specifying multiple registries in the trust policy
Opened this issue · 1 comments
FeynmanZhou commented
From the trust policy spec, it requires users to specify a list of one or more fully qualified repository URIs in the registryScopes
.
However, this requirement limits the verification scope to repository level and narrows the verification scenario. If users want to specify all repositories under multiple registries in the registryScopes
, it will be inconvenient.
I would suggest extending the scope to registry level. It will enable users to specify not only repositories but also registries in the registryScopes
.
For example:
"registryScopes": [
"registry.acme-rockets.io",
"wabbit-networks.io"
]
yizha1 commented
Besides policies on registry level, it will be good to support policy on image level for more granularity, for example,
"registryScopes": [
"registry.acme-rockets.io/software/net-monitor:v1",
"registry.acme-rockets.io/software/net-logger:v2"
]