Using Docker Plugins to Embed the Community Attestation Service (cas) into your Docker CLI

If you’re not securing your container images and generating SBOMs (Software Bills of Materials) on a daily basis, you should definitely start. If you’d like to get started easily, we offer a free, open source service to the community called CAS, the Community Attestation Service. Once you start securing your images, you’ll probably want a shortcut to notarize (aka sign) and authenticate (aka verify) your containers. Here’s how you can easily accomplish that by using Docker plugins to create shortcuts within the Docker CLI.

Let’s take the WordPress container image as an example. Say we want shortcuts like the commands below, which tie the Codenotary Attestation Service into the Docker CLI:

docker notarize wordpress # notarize the container image using your account (add trust)
docker notarizebom wordpress # notarize the container image and SBOM using your account
docker untrust wordpress # remove trust from the container image using your account
docker auth wordpress # verify the container image trust based on your account

Luckily you can integrate any kind of Shell script into the Docker CLI as a plugin to enhance the functionality.

You can find sample code that does the job for you in this repository:

https://github.com/vchaindz/cas-docker-cli-plugins

Make sure you have a Community Attestation Service account and the cas binary in your path.

  1. Register: https://cas.Codenotary.com/
  2. Download binary: https://github.com/Codenotary/cas/releases
  3. Log in to cas: export CAS_API_KEY=<YOURAPIKEY>; cas login

Then just run the following command on your Docker machine (tested on Linux and macOS) to download the scripts into your Docker CLI plugin folder:

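mkdir -p ~/.docker/cli-plugins
for cmd in docker-auth docker-authbom docker-notarize docker-notarizebom docker-untrust; do
    # -f makes curl fail on HTTP errors, so an error page is never saved and
    # marked executable as a plugin; -sSL is quiet, shows errors, follows redirects
    curl -fsSL "https://raw.githubusercontent.com/vchaindz/cas-docker-cli-plugins/main/$cmd" \
        -o ~/.docker/cli-plugins/"$cmd" && \
        chmod +x ~/.docker/cli-plugins/"$cmd"
done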

The Docker CLI automatically detects the new plugins and you can run the docker auth or docker notarize commands, adding the container image of your choice.
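
What a shell script has to do to be picked up as a plugin, shown as an added example that is not the code from the repository above: it answers Docker's `docker-cli-plugin-metadata` probe with JSON and validates the image argument before passing it on. The function names, the `CAS_BIN` override, the vendor string and the `cas authenticate docker://...` invocation are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: skeleton of a plugin saved as ~/.docker/cli-plugins/docker-auth
# (hypothetical re-implementation, not the script from the repository above).

# CAS_BIN lets a test swap in a stub; by default the cas binary on PATH is used.
CAS_BIN="${CAS_BIN:-cas}"

# Docker probes every plugin with this subcommand and expects JSON metadata back.
plugin_metadata() {
    printf '%s\n' '{"SchemaVersion":"0.1.0","Vendor":"example (placeholder)","Version":"0.0.1","ShortDescription":"Authenticate a container image with cas"}'
}

# Reject references that are empty, start with "-" (would be parsed as an
# option by cas) or contain characters outside a conservative allow-list.
valid_image_ref() {
    case "$1" in
        ''|-*) return 1 ;;
        *[!A-Za-z0-9._:/@-]*) return 1 ;;
        *) return 0 ;;
    esac
}

plugin_main() {
    if [ "$1" = "docker-cli-plugin-metadata" ]; then
        plugin_metadata
        return 0
    fi
    # Docker runs the plugin as: docker-auth auth <image>
    if [ "$1" != "auth" ] || [ "$#" -ne 2 ]; then
        echo "usage: docker auth IMAGE" >&2
        return 64
    fi
    if ! valid_image_ref "$2"; then
        echo "docker auth: invalid image reference: $2" >&2
        return 64
    fi
    # Assumed cas invocation; its exit status becomes the plugin's exit status.
    "$CAS_BIN" authenticate "docker://$2"
}

# Run only when invoked with arguments (Docker always passes at least one).
[ "$#" -eq 0 ] || plugin_main "$@"
```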

Examples

Make sure to log in to cas before using the plugins:

export CAS_API_KEY=<your API_KEY>
cas login

Trust the wordpress container image

docker notarize wordpress

Trust the wordpress container image and its dependencies

docker notarizebom wordpress

Untrust the wordpress container image

docker untrust wordpress

Authenticate the wordpress container image

docker auth wordpress
