python-fips

Last changed

Get notified of upcoming product changes, critical vulnerability notifications and patches and more.

Versions

Overview

Minimal FIPS-enabled images for python.

Get It

This image provides these versions of python:

3.10
3.11
3.12

The image is available on cgr.dev:


docker pull cgr.dev/chainguard-private/python-fips:3.10

Testing

Step 1: cd images/python-fips/fips-example/

Step 2: Replace the content of Dockerfile with the below:


FROM cgr.dev/chainguard-private/python-fips:3.10

WORKDIR /app

COPY . .

USER root

CMD ["./fips-check.py"]

Step 3: docker build -t fips-python:0.0.1 .
Step 4: docker run --rm fips-python:0.0.1 2>&1 >/dev/null | grep "\[digital envelope routines\] unsupported"

Since MD5 isn't supported when we enable FIPS, the script we run inside container should throw up an error which we redirect using 2>&1 and it should output something like '[digital envelope routines] unsupported'

Licenses

Chainguard Images contain software packages that are direct or transitive dependencies. The following licenses were found in the "latest" version of this image:

Apache-2.0
GCC-exception-3.1
GPL-2.0-or-later
GPL-3.0-or-later
LGPL-2.1-or-later
MIT
MPL-2.0

For a complete list of licenses, please refer to this Image's SBOM.

Software license agreement

Compliance

This is a FIPS validated image for FedRAMP compliance.

This image is STIG hardened and scanned against the DISA General Purpose Operating System SRG with reports available.

Learn more about STIGs Get started with STIGs

Related images