General Information
Overview
This article provides guidance on referencing images in Party Bus, where to find images, and other questions about images in Dockerfiles.
General Guidance
Product images built in a Party Bus pipeline need to be built on top of an approved image.
For multi-stage Docker builds, all intermediate stages must use an approved Iron Bank image. You may search for available, approved intermediate images by navigating to the container registry and searching for "ironbank."
The runtime stage (i.e., the final stage of a Dockerfile) that builds the image that will be deployed should use an image from the list below. You may search for available, approved runtime images by navigating to the container registry and searching for "base-image," or by looking in the section below.
Dockerfiles are not allowed to contain commands that will modify the base image (e.g., "yum update" and "yum install" are not allowed). If a base image does not have the necessary dependencies, open a help desk ticket with the dependency list or an example Dockerfile that the MDO team will approve, and then create the image needed. The MDO team creates this, and it can then be used in the Dockerfile.
Learn more about cyber compliance requirements in our Preparing for the Pipeline Queue document.
FAQs
How do I update my image?
Updating an image in the Party Bus context means pointing the FROM of your Dockerfile to a newer version of an image created by Party Bus.
To find a newer image, navigate to the pipeline-templates repository here: https://code.il2.dso.mil/platform-one/devops/pipeline-templates/container_registry (replacing il2 in the URL with your IL) and search for base-image. You may use any of the hardened images under the base-image directory of the pipeline-templates container registry.
Why do I have Twistlock findings in my image if they are not from my application?
Try updating your image via the above FAQ answer. If there is no newer image tag available, please submitting a feature request .
Why does my application only work on a specific page, but that image has Twistlock findings?
If you cannot update to a newer version, please submit a ticket for an exception. These are granted on a case-by-case basis to determine if the request is valid.