{"id":15747860,"url":"https://github.com/developer-guy/oci-kyverno","last_synced_at":"2025-03-13T13:32:15.018Z","repository":{"id":61419088,"uuid":"467430297","full_name":"developer-guy/oci-kyverno","owner":"developer-guy","description":"A demonstration of pulling/pushing and signing/verifying Kyverno policies by storing them on OCI registries","archived":false,"fork":false,"pushed_at":"2022-10-14T12:17:26.000Z","size":48,"stargazers_count":5,"open_issues_count":0,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-02-26T19:52:37.011Z","etag":null,"topics":["crane","docker","go","kyverno","oci","oci-artifacts","oci-image","registry"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/developer-guy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-03-08T08:43:37.000Z","updated_at":"2024-09-25T01:18:24.000Z","dependencies_parsed_at":"2022-10-17T09:07:08.195Z","dependency_job_id":null,"html_url":"https://github.com/developer-guy/oci-kyverno","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/developer-guy%2Foci-kyverno","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/developer-guy%2Foci-kyverno/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/developer-guy%2Foci-kyverno/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/developer-guy%2Foci-kyverno/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/developer-guy","download_url":"https://codeload.github.com/developer-guy/oci-kyverno/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243414506,"owners_count":20287133,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crane","docker","go","kyverno","oci","oci-artifacts","oci-image","registry"],"created_at":"2024-10-04T05:22:06.244Z","updated_at":"2025-03-13T13:32:14.704Z","avatar_url":"https://github.com/developer-guy.png","language":"Go","readme":"# Prerequisites\n\n* crane \n* docker\n* go\n* jq\n\n# Usage\n\n```shell\n$ docker run -d -p 5000:5000 --restart=always --name registry registry:2\n\n$ go run main.go disallow-capabilities.yaml localhost:5000/disallow-capabilities:latest\nUploading Kyverno policy file [disallow-capabilities.yaml] to [localhost:5000/disallow-capabilities:latest] with mediaType [application/vnd.cncf.kyverno.policy.layer.v1+yaml].\nKyverno policy file [disallow-capabilities.yaml] successfully uploaded to [localhost:5000/disallow-capabilities:latest]\n\n$ crane manifest localhost:5000/disallow-capabilities:latest | jq \n{\n  \"schemaVersion\": 2,\n  \"config\": {\n    \"mediaType\": \"application/vnd.cncf.kyverno.config.v1+json\",\n    \"size\": 233,\n    \"digest\": \"sha256:d924710ff69c27353cee743d00226e7b1bd461b6df16943d983738e5264dfb3d\"\n  },\n  \"layers\": [\n    {\n      \"mediaType\": \"application/vnd.cncf.kyverno.policy.layer.v1+yaml\",\n      \"size\": 1551,\n      \"digest\": \"sha256:5b6075facc39bd992695f2c44285ae78165cf1497539b49168da4698a16cbfe7\"\n    }\n  ],\n  \"annotations\": {\n    \"kyverno.io/kubernetes-version\": \"1.22-1.23\",\n    \"kyverno.io/kyverno-version\": \"1.6.0\",\n    \"policies.kyverno.io/category\": \"Pod Security Standards (Baseline)\",\n    \"policies.kyverno.io/description\": \"Adding capabilities beyond those listed in the policy must be disallowed.\",\n    \"policies.kyverno.io/minversion\": \"1.6.0\",\n    \"policies.kyverno.io/severity\": \"medium\",\n    \"policies.kyverno.io/subject\": \"Pod\",\n    \"policies.kyverno.io/title\": \"Disallow Capabilities\"\n  }\n}\n```\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeveloper-guy%2Foci-kyverno","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdeveloper-guy%2Foci-kyverno","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdeveloper-guy%2Foci-kyverno/lists"}