From c334c0488a0e8ed78d0333953c9b3b5ffadc5099 Mon Sep 17 00:00:00 2001 From: Mark Drake <33191761+SharpRake@users.noreply.github.com> Date: Wed, 2 Oct 2024 09:27:18 -0700 Subject: [PATCH] Adding Matthew's FIPS blurb to FIPS doc (#1832) ## Type of change Adds a brief blurb to the FIPS doc (written by Matthew) that acts as a warning about using random helm charts with FIPS images. ### What should this PR do? ### Why are we making this change? ### What are the acceptance criteria? ### How should this PR be tested? No tech test, just a quick scan that the change works as written. Signed-off-by: Mark Drake --- .../chainguard-images/working-with-images/fips-images.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/content/chainguard/chainguard-images/working-with-images/fips-images.md b/content/chainguard/chainguard-images/working-with-images/fips-images.md index ec8be07cc9..28996bd9a0 100644 --- a/content/chainguard/chainguard-images/working-with-images/fips-images.md +++ b/content/chainguard/chainguard-images/working-with-images/fips-images.md @@ -56,6 +56,8 @@ In order to help customers ensure their applications are running in FIPS mode, C Be aware that this tool can only detect whether or not OpenSSL is properly configured. This tool does not validate whether any other element in an overall delivered configuration is, or is not, FIPS 140-2/140-3 compliant. It only tests whether OpenSSL is properly configured and makes use of the FIPS module correctly. Any applications and languages must be built to use the [OpenSSL Cryptographic library](https://www.openssl.org/docs/man3.0/man7/crypto.html) (also known as `libcrypto`) in order for the OpenSSL FIPS configuration to be useful. +You will need to pay attention to how you deploy your Chainguard Images. For example, sometimes people configure installations via Helm in a way that copies an application from an image and deploys it, which would mean that you cannot ensure the code or configuration are unchanged and could put you into a state of non-compliance. + ## Learn more