GitLab lets you use any image on Docker Hub, but how can I restrict it to Docker Certified images? The advice I read in Docker Reference Architecture: Building a Docker Secure Supply Chain implies that this is something I do (manually) when I look for an image:
Picking the right images from Docker Hub is critical. Start with
Certified Images, then move on to official images. Lastly, consider
community images. Only use community images that are an automated
build. This helps ensure that they are updated in a timely fashion.
Verification of the freshness of the image is important as well.
When searching Docker Hub for images, make sure to check the Docker Certified checkbox.
But can I set up GitLab to ensure that the images I’m using are Certified Images? For example, suppose an image I chose one day loses its certification? I would want to be notified of the vulnerability automatically, let’s say at build time or even more proactively.
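One defensive pattern that fits the question, as an added example (not part of the question, and not a GitLab or Docker feature): keep an allowlist of reviewed image repositories (the Certified or official images chosen per the reference architecture) and fail the pipeline if `.gitlab-ci.yml` references anything outside it, or anything pinned only to `latest`. The script below parses the `image:` and `services:` entries of a constructed sample CI file, normalizes references into canonical Docker Hub form (`docker.io/library/…`), and reports violations. The allowlist contents, the sample CI file and the `check_policy` function are assumptions for illustration; certification status is not queried from Docker Hub here, so the allowlist is what a team would review and update when an image's status changes.

```python
import re
import sys
from typing import List, Tuple

# Constructed sample .gitlab-ci.yml (not from the original question).
SAMPLE_CI = """\
image: docker.io/library/python:3.12-slim

services:
  - docker:24-dind
  - name: docker.io/library/postgres:16
    alias: db

build:
  image:
    name: someuser/custom-builder:latest
    entrypoint: [""]
  script:
    - make

test:
  image: python:3.12-slim
  script:
    - pytest
"""

# Hypothetical allowlist of reviewed repositories, stored in canonical form
# (registry/namespace/name, no tag or digest). Maintained by the team.
ALLOWED_REPOS = {
    "docker.io/library/python",
    "docker.io/library/postgres",
    "docker.io/library/docker",
}


def normalize(ref: str) -> Tuple[str, str]:
    """Split an image reference into (canonical repository, tag-or-digest)."""
    ref = ref.strip().strip('"').strip("'")
    if "@" in ref:                       # digest-pinned reference
        repo, rest = ref.split("@", 1)
    else:                                # tag is the last ':' after the last '/'
        slash, colon = ref.rfind("/"), ref.rfind(":")
        if colon > slash:
            repo, rest = ref[:colon], ref[colon + 1:]
        else:
            repo, rest = ref, "latest"   # no tag given: Docker defaults to latest
    first = repo.split("/", 1)[0]
    # No registry host in the first component: default to Docker Hub.
    if "." not in first and ":" not in first and first != "localhost":
        repo = "docker.io/" + repo
    parts = repo.split("/")
    if parts[0] == "docker.io" and len(parts) == 2:   # official image shorthand
        repo = "docker.io/library/" + parts[1]
    return repo, rest


IMAGE_LINE = re.compile(r"^\s*image:\s*(\S.*)?$")
NAME_LINE = re.compile(r"^\s*(?:-\s*)?name:\s*(\S.*)$")
LIST_ITEM = re.compile(r"^\s*-\s*(\S.*)$")
SERVICES_LINE = re.compile(r"^\s*services:\s*$")


def _indent(line: str) -> int:
    return len(line) - len(line.lstrip())


def extract_images(ci_yaml: str) -> List[str]:
    """Collect image references from 'image:' (scalar or mapping) and 'services:'."""
    refs, lines, i = [], ci_yaml.splitlines(), 0
    while i < len(lines):
        line = lines[i]
        m = IMAGE_LINE.match(line)
        if m:
            if m.group(1):
                refs.append(m.group(1))
            else:  # mapping form: look for an indented 'name:' below
                j = i + 1
                while j < len(lines) and (not lines[j].strip() or _indent(lines[j]) > _indent(line)):
                    n = NAME_LINE.match(lines[j])
                    if n:
                        refs.append(n.group(1))
                        break
                    j += 1
            i += 1
            continue
        if SERVICES_LINE.match(line):
            j = i + 1
            while j < len(lines) and (not lines[j].strip() or _indent(lines[j]) > _indent(line)):
                item = lines[j]
                n, li = NAME_LINE.match(item), LIST_ITEM.match(item)
                if n and item.lstrip().startswith("-"):
                    refs.append(n.group(1))               # "- name: image"
                elif li and not re.match(r"^\s*-\s*\w+:\s", item):
                    refs.append(li.group(1))              # "- image"
                j += 1
            i = j
            continue
        i += 1
    return refs


def check_policy(ci_yaml: str, allowed=ALLOWED_REPOS) -> List[Tuple[str, str]]:
    """Return [(reference, reason)] for every reference that violates the allowlist policy."""
    violations = []
    for ref in extract_images(ci_yaml):
        repo, tag = normalize(ref)
        if repo not in allowed:
            violations.append((ref, f"repository {repo} is not on the allowlist"))
        elif tag == "latest":
            violations.append((ref, "unpinned 'latest' tag; pin a tag or digest"))
    return violations


if __name__ == "__main__":
    problems = check_policy(SAMPLE_CI)
    for ref, reason in problems:
        print(f"DENY {ref}: {reason}")
    sys.exit(1 if problems else 0)
```

Run as a job early in the pipeline (or as a pre-commit hook) so a reference outside the allowlist fails the build; when a repository's certification status changes, removing it from `ALLOWED_REPOS` makes every pipeline that still uses it fail at build time, which is the notification the question asks for, at the cost of keeping the list current by hand.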