Verify no unused Dockerhub
Type: Rule
ID: dockerhub-token-not-used
Source: v2/rules/dockerhub/token-not-used.yaml
Rego Source: token-not-used.rego
Labels: Dockerhub
Verify that there are no unused Dockerhub tokens.
Note: This rule requires Dockerhub Project Discovery Evidence. See here for more details.
Tip: Signed Evidence for this rule IS NOT required by default but is recommended.
Warning: Rule requires evaluation with a target. Without one, it will be disabled unless the --all-evidence flag is provided.
Usage example
uses: dockerhub/token-not-used@v2
Description
This rule verifies that there are no unused Dockerhub tokens. It performs the following steps:
- Iterates over the Dockerhub tokens in the project.
- Checks each token's last_used field; if it is null, the rule flags the token as a violation.
Evidence Requirements:
- Evidence must be provided by the Scribe Platform's CLI tool through scanning Dockerhub resources.
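The check described in the steps above, as an added Python sketch that is not Scribe's Rego rule. It runs over constructed sample evidence and assumes a tokens list with a token_label field (both hypothetical names; only last_used appears on this page). Tokens that lack the field entirely are reported separately instead of being passed.

```python
import json

# Constructed sample evidence. The "tokens" and "token_label" names are
# assumptions for illustration; the real evidence layout is not shown here.
SAMPLE_EVIDENCE = json.loads("""
{
  "tokens": [
    {"token_label": "ci-publish",  "last_used": "2024-05-02T09:14:00Z"},
    {"token_label": "old-laptop",  "last_used": null},
    {"token_label": "release-bot", "last_used": null},
    {"token_label": "imported"}
  ]
}
""")


def evaluate_tokens(evidence):
    """Return violations (last_used is null) and tokens with no usage data."""
    violations, undetermined = [], []
    for index, token in enumerate(evidence.get("tokens", [])):
        label = token.get("token_label", f"<token #{index}>")
        if "last_used" not in token:
            # An absent field is not the same as null: no usage data was
            # collected, so surface the token instead of silently passing it.
            undetermined.append(label)
        elif token["last_used"] is None:
            # Explicit null: the token has never been used.
            violations.append(label)
    return {
        "allow": not violations,
        "violations": violations,
        "undetermined": undetermined,
    }


if __name__ == "__main__":
    print(json.dumps(evaluate_tokens(SAMPLE_EVIDENCE), indent=2))
```
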
Evidence Requirements
Field | Value |
---|---|
signed | False |
content_body_type | generic |
target_type | data |
predicate_type | http://scribesecurity.com/evidence/discovery/v0.1 |
labels | - asset_type=project - platform=dockerhub |