DirectorySecurity advisories
Sign in

Directory

tekton-sidecarlogresults-fips logoFIPS

tekton-sidecarlogresults-fips

Last changed
Sign in for updates

Get notified of upcoming product changes, critical vulnerability notifications and patches and more.

Sign in
Versions
Overview
Provenance
Specifications
SBOM
Vulnerabilities
Advisories

tekton-fips

This image is a variant of the Tekton images that is FIPS-compliant.

Usage

These images a drop-in replacement for the upstream images.

You can use an upstream release and replace the released images with those from Chainguard.

curl -sL https://storage.googleapis.com/tekton-releases/pipeline/latest/release.yaml | \
    sed "s|gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/controller[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/tekton-controller-fips|g" | \
    sed "s|gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/entrypoint[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/tekton-entrypoint-fips|g" | \
    sed "s|gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/events[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/tekton-events-fips|g" | \
    sed "s|gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/nop[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/tekton-nop-fips|g" | \
    sed "s|gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/resolvers[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/tekton-resolvers-fips|g" | \
    sed "s|gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/sidecarlogresults[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/tekton-sidecarlogresults-fips|g" | \
    sed "s|gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/webhook[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/tekton-webhook-fips|g" | \
    sed "s|gcr.io/tekton-releases/github.com/tektoncd/pipeline/cmd/workingdirinit[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/tekton-workingdirinit-fips|g" | \
    sed "s|cgr.dev/chainguard/busybox[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/busybox-fips|g" | \
    kubectl apply -f -

Instead of busybox-fips one can use any image with a shell and OpenSSL FIPS provider, for example chainguard-base-fips. This is needed because of entrypoint support for SPIRE. Currently it is not possible to build up to date entrypoint images without SPIRE, see this issue. If deployment does not use SPIRE support, one can use cgr.dev/chainguard-private/busybox and cgr.dev/chainguard-private/tekton-entrypoint images combination instead.

For Tekton Chains:

curl -sL https://storage.googleapis.com/tekton-releases/chains/latest/release.yaml | \
    sed "s|gcr.io/tekton-releases/github.com/tektoncd/chains/cmd/controller[a-z0-9:@.]\{1,\}|cgr.dev/chainguard-private/tekton-chains-fips|g" | \
    kubectl apply -f -

For Tekton CLI:

docker run cgr.dev/chainguard-private/tekton-cli-fips version
Licenses

Chainguard Images contain software packages that are direct or transitive dependencies. The following licenses were found in the "latest" version of this image:

  • Apache-2.0

  • LGPL-2.1-or-later

  • MIT

  • MPL-2.0

For a complete list of licenses, please refer to this Image's SBOM.

Software license agreement
Compliance

This is a FIPS validated image for FedRAMP compliance.

This image is STIG hardened and scanned against the DISA General Purpose Operating System SRG with reports available.

Learn more about STIGsGet started with STIGs
Related images
Category
FIPS
STIG

Products

Chainguard Images

Developer

Open sourceDocs

Resources

Unchained blogChainguard LabsCustomer storiesScannersSecurityEducation

Company

AboutNewsroomCareersChainguard loveLegalContact

Follow

TwitterGitHubLinkedInTikTok

© 2024 Chainguard, Inc.