It'll be a big security concern for our team if a dev is able to reference any public Docker image for their builds.
Is there any built-in way to restrict which ones can be used? If not, is there anything on the roadmap for such a feature?
Hi Jonathan and welcome to the community.
I'm afraid that there is no way to restrict the Docker images that can be used as a build container in Pipelines and such a feature is not in our roadmap at the moment.
I can create a feature request in our issue tracker so we can gather interest in such a feature. Would you like me to proceed with that? I assume you are looking for a way to restrict this via the Repository settings, which are available to admins only? A restriction configured in the yml file could always be overwritten by a developer by simply editing the yml file in the branch they are working on.
Kind regards,
Theodora
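An added example, not part of the thread and not Atlassian code: a standalone allowlist check for the image references in a `bitbucket-pipelines.yml`, meant to run somewhere developers cannot edit (for instance an admin-controlled review job), since the answer above notes that anything inside the yml itself can be changed in a branch. The registry hosts, the policy table and the sample file are constructed assumptions.

```python
import re

# Assumed policy (constructed): exact registry host -> allowed repository paths.
# An entry ending in "/" permits everything under that path.
ALLOWED = {"registry.example.internal": ["build/"],
           "docker.io": ["library/node", "library/python"]}
KEY = re.compile(r"^\s*(image|name):\s*(.*)$")
SAMPLE = """\
image: node:18
pipelines:
  default:
    - step:
        image: someuser/node:18  # Docker Hub namespace not on the list
    - step:
        image:
          name: registry.example.internal/build/java:17
    - step:
        image: registry.example.internal.lookalike.test/build/java:17
"""  # constructed pipelines file

def find_images(text):
    """Return (line_number, reference) for short- and long-form image keys."""
    found, pending = [], False
    for no, line in enumerate(text.splitlines(), 1):
        m = KEY.match(line)
        if m:
            value = re.sub(r"(^|\s+)#.*$", "", m.group(2)).strip().strip("'\"")
            if value and (m.group(1) == "image" or pending):
                found.append((no, value))
            pending = m.group(1) == "image" and not value  # long form: name follows
    return found

def normalise(ref):
    """Return (registry, repository), applying Docker Hub defaults."""
    ref = ref.split("@", 1)[0]                      # drop a digest
    host, _, rest = ref.partition("/")
    if not (rest and ("." in host or ":" in host or host == "localhost")):
        host, rest = "docker.io", ref               # no registry component
    rest = re.sub(r":[^/:]*$", "", rest)            # drop the tag
    if host.lower() == "docker.io" and "/" not in rest:
        rest = "library/" + rest                    # official images
    return host.lower(), rest

def violations(text, allowed=ALLOWED):
    """Return (line_number, reference) for images outside the allowlist."""
    def ok(ref):
        host, repo = normalise(ref)
        return any(repo == p or (p.endswith("/") and repo.startswith(p))
                   for p in allowed.get(host, []))
    return [(no, ref) for no, ref in find_images(text) if not ok(ref)]
```

The registry host is compared exactly rather than by string prefix, so a look-alike host that merely starts with an approved name is rejected.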
Hi Theodora,
Yes, please create that ticket for me and keep me updated. And like you mentioned, it would be best if it was done via Repository or Workspace settings.
Thank you
Hi Jonathan,
I went ahead and created a feature request in our issue tracker:
Please make sure to add your vote (by selecting the Vote for this issue link) as the number of votes helps the development team and product managers better understand the demand for new features. You are more than welcome to leave any feedback, and you can also add yourself as a watcher (by selecting the Start watching this issue link) if you'd like to get notified via email on updates.
Implementation of new features is done as per our policy here and any updates will be posted in the feature request.
Kind regards,
Theodora