...
With this approach, dovetail generates a digital signature along with the plain-text report. The reviewer can then use this signature to validate the integrity of the dovetail tool and the report.
Why:
The plain-text report is vulnerable: it can easily be modified during storage and transportation.
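A sketch of the sign-and-verify flow described above, added here as an illustration and not taken from dovetail's own code. The choice of Ed25519, the function names, and the idea of binding a SHA-256 digest of the tool into the signed data (so that one signature covers both the tool and the report) are assumptions; the sample report and tool bytes are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// signedPayload binds the report to the digest of the tool that produced it.
// The tool digest has a fixed 32-byte length, so the two fields cannot be confused.
func signedPayload(toolDigest [32]byte, report []byte) []byte {
	h := sha256.New()
	h.Write(toolDigest[:])
	h.Write(report)
	return h.Sum(nil)
}

// SignReport returns a detached signature to ship next to the plain-text report.
func SignReport(priv ed25519.PrivateKey, toolDigest [32]byte, report []byte) []byte {
	return ed25519.Sign(priv, signedPayload(toolDigest, report))
}

// VerifyReport is the reviewer side: public key, digest of the tool release the
// reviewer trusts, the received report and the received signature.
func VerifyReport(pub ed25519.PublicKey, trustedTool [32]byte, report, sig []byte) bool {
	return ed25519.Verify(pub, signedPayload(trustedTool, report), sig)
}

func main() {
	pub, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		panic(err)
	}
	tool := sha256.Sum256([]byte("constructed tool bytes"))   // constructed sample
	report := []byte("case.one: PASS\ncase.two: FAIL\n")      // constructed sample
	sig := SignReport(priv, tool, report)
	fmt.Println("untouched report verifies:", VerifyReport(pub, tool, report, sig))
	edited := []byte("case.one: PASS\ncase.two: PASS\n")
	fmt.Println("edited report verifies:", VerifyReport(pub, tool, edited, sig))
}
```

The check is only as strong as the protection of the signing key: if whoever can edit the report can also reach the private key, they can re-sign the edited report.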
...
2. proposal for container security:
Uploading the results to the remote DB is optional. When a user wants to "dry run" the test, all results are stored locally, so it is convenient for users to adjust/modify their platform for a better result.
Temporary test results in the container can be modified as well; we can improve this by the following:
...