Verify DockerHub Tokens are Active
Type: Rule
ID: dockerhub-token-expiration
Source: v2/rules/dockerhub/token-expiration.yaml
Rego Source: token-expiration.rego
Labels: Dockerhub
Verify that all discovered Dockerhub tokens are set to Active in Dockerhub.
Note: This rule requires Dockerhub Project Discovery Evidence. See here for more details.
Tip: Signed Evidence for this rule IS NOT required by default but is recommended.
Warning: Rule requires evaluation with a target. Without one, it will be disabled unless the --all-evidence flag is provided.
Usage example
uses: dockerhub/token-expiration@v2
Mitigation
Ensure all Dockerhub tokens are set to Active status to prevent unauthorized access.
Description
This rule verifies that all discovered Dockerhub tokens are set to Active in Dockerhub. It performs the following steps:
- Iterates over the Dockerhub tokens in the project.
- Checks each token's status against the Active status.
- If a token's status is not Active, the rule flags it as a violation.
Evidence Requirements:
- Evidence must be provided by the Scribe Platform's CLI tool through scanning Dockerhub resources.
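The steps above can be sketched as a standalone Rego policy. This is an added example, not the contents of Scribe's token-expiration.rego: the package name, the `tokens`, `name` and `status` fields, and the case-insensitive match on "active" are assumptions, because the page does not show the discovery evidence schema.

```rego
package example.dockerhub.token_status

import rego.v1

# Added illustration. Assumed (hypothetical) input shape:
#   {"tokens": [{"name": "ci-push", "status": "active"},
#               {"name": "old-laptop", "status": "inactive"}]}

default allow := false

# Pass only when the token list is present and no token is flagged.
# Evidence without a "tokens" array fails closed instead of passing.
allow if {
	is_array(input.tokens)
	count(violations) == 0
}

# One violation per discovered token whose status is not Active.
# The whole entry is reported so a reviewer can see what was found.
violations contains v if {
	some i, token in input.tokens
	not is_active(token)
	v := {"index": i, "entry": token}
}

# A token counts as Active only when it carries a string status equal to
# "active" (case-insensitive). A missing or non-string status is therefore
# treated as a violation rather than silently accepted.
is_active(token) if {
	is_string(token.status)
	lower(token.status) == "active"
}
```

Against the sample input in the comment, `violations` contains the `old-laptop` entry and `allow` is false.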
Evidence Requirements
Field | Value |
---|---|
signed | False |
content_body_type | generic |
target_type | data |
predicate_type | http://scribesecurity.com/evidence/discovery/v0.1 |
labels | asset_type=project, platform=dockerhub |