💨 Airflow: Only permit signed container images

[Gary-H9]

I've created this discussion to ask - Should we only permit signed container images in Airflow?

They can only currently be pulled from specified repositories i.e. ECR. so this maybe slightly redundant.

🙇

[jacobwoffenden]

My thought is that if we bake image signing into the pipeline, it should be transparent to the image maintainers, but adds another layer of security for us

[jhpyke]

Yeah - re-looking at how we publish images for Airflow sounds like a really good task to pick up. The action we've made currently... works, but that's all I'm going to say in it's defense hahaha