OCI Artifacts

Definition

OCI Artifacts refers to the use of the Open Container Initiative (OCI) image and distribution specifications to store and manage content other than container images in a registry. The OCI provides a standard manifest and layer format that allows a registry to handle artifacts such as Helm charts, Singularity images, or WASM modules in the same way as traditional container images. This standardization gives artifacts the same addressing (tags and content digests), access control and tooling as images, which improves interoperability and portability across environments and platforms.

Secure Settings Example

# Example of a secure OCI artifact configuration in a Kubernetes environment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: secure-deployment
spec:
  # selector and matching template labels are required for an apps/v1 Deployment
  selector:
    matchLabels:
      app: myartifact
  template:
    metadata:
      labels:
        app: myartifact
    spec:
      containers:
      - name: my-container
        # an immutable version tag; pinning by digest (image@sha256:<digest>) is stronger still
        image: myregistry.example.com/myartifact:1.0
        # always re-check the registry so a re-tagged image cannot be served from the node cache
        imagePullPolicy: Always
        securityContext:
          runAsNonRoot: true
          readOnlyRootFilesystem: true
      # scoped credential for the private registry instead of node-wide or anonymous access
      imagePullSecrets:
      - name: myregistrykey

Insecure Settings Example

# Example of an insecure OCI artifact configuration
apiVersion: apps/v1
kind: Deployment
metadata:
  name: insecure-deployment
spec:
  selector:
    matchLabels:
      app: myartifact
  template:
    metadata:
      labels:
        app: myartifact
    spec:
      containers:
      - name: my-container
        # mutable "latest" tag: the content behind it can change between pulls
        image: myregistry.example.com/myartifact:latest
        # with IfNotPresent a stale or tampered cached image on the node is reused
        imagePullPolicy: IfNotPresent
        securityContext:
          runAsNonRoot: false
          readOnlyRootFilesystem: false
      # Missing imagePullSecrets: the pull relies on anonymous or node-level registry access, risking unauthorized access
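The two Deployments above differ in a handful of settings that are easy to check mechanically. The following is an added example, not code from the original page or from any Kubernetes project, that audits a parsed Deployment manifest for exactly those settings and, going one step beyond the page, also flags images that are not pinned by content digest. The manifests are constructed JSON renderings of the page's two examples (the shape kubectl prints with -o json); the finding codes, function names and the registry host are assumptions for illustration.

```python
"""Audit Kubernetes Deployment manifests for the OCI artifact settings discussed above.

Constructed example: the two manifests are JSON renderings of the page's secure and
insecure Deployments, not output captured from a real cluster. Only the standard
library is used so the script runs offline.
"""
import json

# Constructed rendering of the page's secure Deployment (registry host is hypothetical).
SECURE_DEPLOYMENT_JSON = """
{
  "apiVersion": "apps/v1", "kind": "Deployment",
  "metadata": {"name": "secure-deployment"},
  "spec": {
    "selector": {"matchLabels": {"app": "myartifact"}},
    "template": {
      "metadata": {"labels": {"app": "myartifact"}},
      "spec": {
        "containers": [{
          "name": "my-container",
          "image": "myregistry.example.com/myartifact:1.0",
          "imagePullPolicy": "Always",
          "securityContext": {"runAsNonRoot": true, "readOnlyRootFilesystem": true}
        }],
        "imagePullSecrets": [{"name": "myregistrykey"}]
      }
    }
  }
}
"""

# Constructed rendering of the page's insecure Deployment.
INSECURE_DEPLOYMENT_JSON = """
{
  "apiVersion": "apps/v1", "kind": "Deployment",
  "metadata": {"name": "insecure-deployment"},
  "spec": {
    "selector": {"matchLabels": {"app": "myartifact"}},
    "template": {
      "metadata": {"labels": {"app": "myartifact"}},
      "spec": {
        "containers": [{
          "name": "my-container",
          "image": "myregistry.example.com/myartifact:latest",
          "imagePullPolicy": "IfNotPresent",
          "securityContext": {"runAsNonRoot": false, "readOnlyRootFilesystem": false}
        }]
      }
    }
  }
}
"""


def parse_image_ref(ref):
    """Split an image reference into (repository, tag, digest).

    A digest, when present, follows '@'. A tag is the part after the last ':'
    in the final path component only, so a registry port such as host:5000
    is not mistaken for a tag. Missing parts are returned as None.
    """
    name, _, digest = ref.partition("@")
    head, _, last = name.rpartition("/")
    repo_last, sep, tag = last.rpartition(":")
    if sep:
        last = repo_last
    else:
        tag = None
    repository = f"{head}/{last}" if head else last
    return repository, tag or None, digest or None


def audit_deployment(manifest):
    """Return a list of finding codes for one Deployment (empty list means no findings)."""
    findings = []
    pod_spec = manifest["spec"]["template"]["spec"]
    pod_sc = pod_spec.get("securityContext") or {}
    if not pod_spec.get("imagePullSecrets"):
        findings.append("no-image-pull-secrets")
    for container in pod_spec.get("containers", []):
        prefix = container["name"] + ":"
        _, tag, digest = parse_image_ref(container["image"])
        if digest is None:
            findings.append(prefix + "image-not-pinned-by-digest")
        if tag in (None, "latest"):  # no tag means "latest" as well
            findings.append(prefix + "mutable-latest-tag")
        if container.get("imagePullPolicy") != "Always":
            findings.append(prefix + "pull-policy-not-always")
        sc = container.get("securityContext") or {}
        # runAsNonRoot may be inherited from the pod-level securityContext;
        # the container-level value, when set, overrides it.
        run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if run_as_non_root is not True:
            findings.append(prefix + "run-as-root-allowed")
        if sc.get("readOnlyRootFilesystem") is not True:  # container-level only
            findings.append(prefix + "writable-root-filesystem")
    return findings


def audit_secure_example():
    return audit_deployment(json.loads(SECURE_DEPLOYMENT_JSON))


def audit_insecure_example():
    return audit_deployment(json.loads(INSECURE_DEPLOYMENT_JSON))


if __name__ == "__main__":
    for label, result in (("secure", audit_secure_example()), ("insecure", audit_insecure_example())):
        print(f"{label}: {result or 'no findings'}")
```

Run against the page's two manifests, the secure Deployment produces a single finding (its image is pinned by an immutable tag but not by digest), while the insecure one trips every check. The digest check is the one the page does not spell out: a tag, even a versioned one, can be re-pointed in the registry, whereas a sha256 digest names exactly one manifest.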