
Container Hardening

Software does not run without hardware. Even though we developed the application without depending on any specific infrastructure, the infrastructure can still influence your system and/or some cross-cutting concepts. Therefore, you need to know the infrastructure.

The PSS®X team does not recommend bundling any infrastructure into the application. The application only needs to know the connection address of the infrastructure service.

The main reason is that the customer environment where the application will run may have its own infrastructure services.

Container Hardening

We still need infrastructure containers for our application to work. In the containers project group, we create them in a controlled manner and use them for testing purposes.

Unless otherwise specified, all container images use the following naming strategy:

<application-version-in-semver-X.Y.Z>-<base-operating-system-code-name>-<base-operating-system>-<architecture>

e.g. 3.13.4-bookworm-slim-amd64
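
A pipeline check for the naming strategy above, as an added example that is not part of the original page or of the containers project: it parses a tag into its four fields and flags image references that are untagged or deviate from the convention. The accepted architecture set, the registry and the image names are assumptions.

```python
import re
from typing import NamedTuple, Optional

# Architectures accepted by this check: an assumption, not from the page.
ALLOWED_ARCH = {"amd64", "arm64"}

# <X.Y.Z>-<os-code-name>-<base-os>-<architecture>, strict numeric X.Y.Z.
TAG_RE = re.compile(
    r"(?P<version>(?:0|[1-9]\d*)\.(?:0|[1-9]\d*)\.(?:0|[1-9]\d*))"
    r"-(?P<codename>[a-z0-9]+)"
    r"-(?P<base_os>[a-z0-9]+)"
    r"-(?P<arch>[a-z0-9]+)"
)

class ImageTag(NamedTuple):
    version: tuple
    codename: str
    base_os: str
    arch: str

def parse_tag(tag: str) -> Optional[ImageTag]:
    """Parse a tag, or return None if it breaks the convention."""
    m = TAG_RE.fullmatch(tag)
    if m is None or m["arch"] not in ALLOWED_ARCH:
        return None
    version = tuple(int(p) for p in m["version"].split("."))
    return ImageTag(version, m["codename"], m["base_os"], m["arch"])

def nonconforming(refs):
    """Return the image references whose tag is missing or malformed."""
    bad = []
    for ref in refs:
        # Drop any @digest, then look for the tag only after the last '/'
        # so a registry port (host:5000/...) is not mistaken for a tag.
        name = ref.split("@", 1)[0].rsplit("/", 1)[-1]
        _, sep, tag = name.partition(":")
        if not sep or parse_tag(tag) is None:
            bad.append(ref)
    return bad

# Constructed sample references; registry and image names are hypothetical.
SAMPLE_REFS = [
    "registry.example:5000/infra/broker:3.13.4-bookworm-slim-amd64",
    "registry.example:5000/infra/broker:latest",
    "registry.example:5000/infra/broker",
    "registry.example:5000/infra/cache:7.2-bookworm-slim-amd64",
    "registry.example:5000/infra/cache:7.2.4-bookworm-slim-sparc",
]
```

Running `nonconforming(SAMPLE_REFS)` returns every reference except the first, so a build step can fail when the returned list is not empty.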

In addition, the aspnetcore runtime can be reused for web applications. A distroless option is also available.

Important:

  • The containers project group and its maintainers do not perform the final clearing of the images. The project only provides SBOM and license information to OSS clearing platforms such as Black Duck.

OSS Clearing Environment

The OSS clearing officers are ultimately responsible for accepting the image in their products and for fulfilling the required obligations.