Using Docker Content Trust with Cromwell
I host the Docker images I use for my Cromwell analysis on Docker Hub. I want to make sure that I can trust the images that I pull from Docker Hub (to protect against man-in-the-middle attacks, a compromised Docker Hub account, etc.). Luckily, Docker has something called Content Trust, which enables you to cryptographically sign your images. However, this only works when you work with tags (i.e.
docker pull broadinstitute/genomes-in-the-cloud:2.3-1498756809), but Cromwell uses hashes internally.
From a random script.submit:
docker run --rm -v <path> -i broadinstitute/genomes-in-the-cloud@sha256:e36609f714e301ee40c632b62422d
Is there a way to use Content Trust with Cromwell? The ability to verify the authenticity of each step of our analysis is very important to us.
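
One way to bridge tags and digests, as an added example rather than code from the post or from Cromwell: Content Trust records a digest for every signed tag, so a digest-pinned reference can be checked against that signed data before the job runs. The JSON shape below is assumed to mirror `docker trust inspect` output; the repository name, digests and function names are constructed for illustration.

```python
import json

# Constructed sample, assumed to match the shape of `docker trust inspect <repo>`:
# one entry per repository, each SignedTags item carrying a bare hex Digest.
SAMPLE_TRUST_JSON = json.dumps([{
    "Name": "example/pipeline-image",
    "SignedTags": [
        {"SignedTag": "1.0", "Digest": "a" * 64, "Signers": ["Repo Admin"]},
        {"SignedTag": "1.1", "Digest": "b" * 64, "Signers": ["alice"]},
    ],
}])


def parse_pinned_ref(ref):
    """Split 'repo@sha256:<hex>' into (repo, hex); reject anything else."""
    repo, sep, digest = ref.partition("@")
    algo, _, hexpart = digest.partition(":")
    if not sep or algo != "sha256":
        raise ValueError(f"not a sha256 digest reference: {ref!r}")
    hexpart = hexpart.lower()
    if len(hexpart) != 64 or any(c not in "0123456789abcdef" for c in hexpart):
        raise ValueError(f"truncated or malformed digest in {ref!r}")
    return repo, hexpart


def strip_tag(name):
    """Drop a trailing ':tag' but keep a registry port such as 'host:5000/repo'."""
    return name.rsplit(":", 1)[0] if ":" in name.rsplit("/", 1)[-1] else name


def signed_tags_for(ref, trust_json):
    """Return (tag, signers) pairs whose signed digest equals the pinned digest.

    An empty list means no signature covers this exact image, so the
    caller should refuse to run it.
    """
    repo, hexpart = parse_pinned_ref(ref)
    matches = []
    for entry in json.loads(trust_json):
        if strip_tag(entry.get("Name", "")) != repo:
            continue
        for tag in entry.get("SignedTags", []):
            # Require at least one signer so unsigned entries never match.
            if tag.get("Digest", "").lower() == hexpart and tag.get("Signers"):
                matches.append((tag["SignedTag"], tag["Signers"]))
    return matches
```

A digest that is cut short is rejected outright instead of being prefix-matched, so a truncated reference can never be treated as verified.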