...

With this approach, dovetail generates a digital signature along with the plain-text report. The reviewer can then use this signature to validate the integrity of both the dovetail tool and the report.

Why:

A plain-text report is vulnerable: it can easily be modified during storage and transportation.
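A sketch of the sign-then-review flow described above, added here as an example and not taken from dovetail's code. It assumes Ed25519 as the signature scheme and a hypothetical signed-message layout (a label followed by the SHA-256 of the tool and of the report); the page names neither. It also assumes the signing key is out of reach of anyone able to edit the report, and that the reviewer holds a trusted copy of the tool.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// signedBytes is the message that gets signed: a label (hypothetical), then
// the SHA-256 of the tool that ran and the SHA-256 of the report it wrote.
func signedBytes(tool, report []byte) []byte {
	t, r := sha256.Sum256(tool), sha256.Sum256(report)
	return append(append([]byte("report-sig-v1\n"), t[:]...), r[:]...)
}

// SignReport runs where the tests ran and returns a detached signature.
func SignReport(priv ed25519.PrivateKey, tool, report []byte) []byte {
	return ed25519.Sign(priv, signedBytes(tool, report))
}

// VerifyReport runs at the reviewer, who supplies a trusted copy of the
// tool and the report as received. Any change to either one fails the check.
func VerifyReport(pub ed25519.PublicKey, sig, trustedTool, report []byte) bool {
	return ed25519.Verify(pub, signedBytes(trustedTool, report), sig)
}

// Demo signs a constructed report, then verifies it unchanged, with one
// result edited after signing, and against a different tool build.
func Demo() (unchanged, editedReport, otherTool bool) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	tool := []byte("constructed stand-in for the released tool")
	report := []byte("testcase_a: PASS\ntestcase_b: FAIL\n")
	sig := SignReport(priv, tool, report)
	edited := bytes.Replace(report, []byte("FAIL"), []byte("PASS"), 1)
	return VerifyReport(pub, sig, tool, report),
		VerifyReport(pub, sig, tool, edited),
		VerifyReport(pub, sig, []byte("locally patched tool"), report)
}

func main() {
	fmt.Println(Demo()) // true false false
}
```

Because the tool digest is part of the signed message, one signature check covers both the report and the tool that produced it.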

...

2. Proposal for container security:

Uploading the result to the remote DB is optional. When a user wants to "dry run" the test, all results are stored locally, so it is convenient for users to adjust or modify their platform for a better result.

Temporary test results in the container can be modified as well; we can improve this with the following:

...