Demonstrate FIPS 140 compliance for Sec section images
Create a CI snippet that can be used to demonstrate FIPS compliance in the UBI-based images that Sec has created.
This means something like overriding the entrypoint or command of the job to print “FIPS mode: yes” or “FIPS mode: no” based on the OS’s method of querying for FIPS mode (sysctl, /etc file, etc.). This would be for the subset of images we have rendered FIPS-compliant (for Static Analysis this is secrets, kics, semgrep) only. It would be demonstrated live in a test GitLab instance if requested by our auditor.
Ideally the same approach would work for the other FIPS-compliant images in the Sec section as well.
See &6479 (closed) for scope of work done for FIPS 140 compliance.
Edited by Connor Gilbert
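One possible shape for the check described in this issue, as an added example that is not code from the issue or from the Sec section images. It assumes the Linux kernel flag `/proc/sys/crypto/fips_enabled` (the value `sysctl crypto.fips_enabled` reports) is the query method, and `FIPS_ROOT` is a hypothetical variable used only to point the check at a constructed directory tree.

```shell
#!/bin/sh
# Added example: report FIPS mode from inside a container job.
# Assumption: the kernel flag /proc/sys/crypto/fips_enabled holds "1" when
# FIPS mode is on. A job would run this script as its command after
# overriding the image entrypoint.
# FIPS_ROOT is hypothetical and exists only for testing against a
# constructed tree; leave it unset in a real job.

fips_kernel_flag() {
    # Prints the flag value with whitespace stripped, or "missing" when the
    # file cannot be read (for example on a non-Linux host).
    flag_file="${FIPS_ROOT:-}/proc/sys/crypto/fips_enabled"
    if [ -r "$flag_file" ]; then
        tr -d '[:space:]' < "$flag_file"
    else
        printf 'missing'
    fi
}

fips_mode_report() {
    # Prints exactly one line for the auditor. Anything other than a
    # literal "1", including an unreadable flag, is reported as "no" so the
    # check fails closed.
    if [ "$(fips_kernel_flag)" = "1" ]; then
        echo "FIPS mode: yes"
    else
        echo "FIPS mode: no"
    fi
}

fips_mode_check() {
    # Same line as fips_mode_report, but the exit status is non-zero when
    # FIPS mode is off, which lets a CI job fail instead of only printing.
    report=$(fips_mode_report)
    echo "$report"
    [ "$report" = "FIPS mode: yes" ]
}

# Stand-alone run: print the report for the current environment.
fips_mode_report
```

Inside a container this flag reflects the host kernel, so the line printed describes the runner host the job landed on as well as the image.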