General Information
This article contains guidance on how to reference an image in Party Bus, where to find images, and other questions regarding images with regards to Dockerfiles.
General Guidance
Product images built in a Party Bus pipeline need to be built on top of an approved image.
For multi-stage Docker builds, all intermediate stages must use an approved Ironbank image. You may search for available, approved intermediate images by navigating to https://code.il2.dso.mil/platform-one/devops/pipeline-templates/container_registry and searching for "ironbank."
The runtime stage (i.e., the final stage of a Dockerfile) that builds the image that will be deployed should use an image from the list below. You may search for available, approved runtime images by navigating to container registry and searching for "base-image," or by looking in the section below.
Dockerfiles are not allowed to contain commands that will modify the base image (e.g., "yum update" and "yum install" are not allowed). If a base image does not have the necessary dependencies then a ticket should be opened with the necessary dependencies list or an example Dockerfile that the MDO team will approve and then create the image needed. This created by the MDO team can then be used in the Dockerfile.
We have more information on this here: Party Bus - Project Settings Enforcement
FAQs
How do I update my image?
Updating an image in the Party Bus context means pointing the FROM of your Dockerfile to a newer version of an image created by Party Bus.
To find a newer image, navigate to the pipeline-templates repository here: https://code.il2.dso.mil/platform-one/devops/pipeline-templates/container_registry (replacing il2 in the URL with your impact level) and search for base-image. You may use any of the harden images under the base-image directory of the pipeline-templates container registry.
Why do I have Twistlock findings in my image if they are not from my app?
Try updating your image via the above FAQ answer. If there is no newer image tag available, please create a feature request .
Why does my application only work on a specific page, but that image has Twistlock findings?
If you cannot update to a newer version, please submit a ticket for an exception. https://jira.il2.dso.mil/servicedesk/customer/portal/73. These are granted on a case-by-case basis to determine if the request is valid.