Question about validating FIPS mode in build pipeline

old.reddit.com / @/u/crapspakkle, https://old.reddit.com/user/crapspakkle

Using circleci currently but will be switching to github actions in a few weeks. I am building two images for our API gateway, one standard and one that has to be FIPS compliant for our gov cloud. The FIPS image uses ubuntu 20.04 as the base. I have some unit tests written to validate that the crypto modules in this image are FIPS compliant but am not sure if it needs to run on a FIPS host (e.g. ubuntu-2004:2024.01.1 as a machine image) or can just be validated on a regular docker image. If it has to be on a FIPS host is this possible without using Ubuntu pro?

submitted by /u/crapspakkle
[link] [comments]

published 9 months ago




See all items from the same source