II. Workflow JSON
Structured · live · workflow:container-image-hardening
Container Image Hardening json
Inspect the normalized record payload exactly as the atlas UI reads it.
{
"id": "workflow:container-image-hardening",
"_kind": "Workflow",
"_file": "workflows/workflows/workflows-security-compliance-deep.yaml",
"_cluster": "workflows",
"attributes": {
"displayName": "Container Image Hardening",
"workflowKind": "security",
"triggerType": "event-driven",
"typicalCadence": "per-image-build",
"complexity": "single-team",
"description": "Hardens container images to reduce attack surface -- enforcing minimal base\nimages, scanning for OS and language-level CVEs, removing unnecessary\npackages and shells, configuring non-root users, validating Dockerfile best\npractices, signing images with cosign/Notary, and gating promotion to\nproduction registries on a passing scan. Excludes container runtime security\npolicies.\n"
},
"outgoingEdges": [
{
"from": "workflow:container-image-hardening",
"to": "role:platform-engineer",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:container-image-hardening",
"to": "role:security-reviewer",
"kind": "involves_role",
"attributes": {}
},
{
"from": "workflow:container-image-hardening",
"to": "skill-area:containerization",
"kind": "requires_skill_area",
"attributes": {}
},
{
"from": "workflow:container-image-hardening",
"to": "skill-area:container-security",
"kind": "requires_skill_area",
"attributes": {}
},
{
"from": "workflow:container-image-hardening",
"to": "domain:security",
"kind": "applies_to_domain",
"attributes": {}
},
{
"from": "workflow:container-image-hardening",
"to": "domain:cloud-infra",
"kind": "applies_to_domain",
"attributes": {}
},
{
"from": "workflow:container-image-hardening",
"to": "responsibility:run-security-scans",
"kind": "triggers_responsibility",
"attributes": {}
},
{
"from": "workflow:container-image-hardening",
"to": "responsibility:approve-deploys",
"kind": "triggers_responsibility",
"attributes": {}
},
{
"from": "workflow:container-image-hardening",
"to": "org-unit:platform-team",
"kind": "performed_by_org_unit",
"attributes": {}
},
{
"from": "workflow:container-image-hardening",
"to": "org-unit:security-team",
"kind": "performed_by_org_unit",
"attributes": {}
}
],
"incomingEdges": [
{
"from": "stack-profile:security-operations",
"to": "workflow:container-image-hardening",
"kind": "follows_workflow"
},
{
"from": "stack-profile:container-registry-scanning",
"to": "workflow:container-image-hardening",
"kind": "follows_workflow"
},
{
"from": "stack-profile:vulnerability-management-platform",
"to": "workflow:container-image-hardening",
"kind": "follows_workflow"
}
]
}