Container registry hooks + K8s admission webhook
Two paths into Pencheff’s container-security surface, both shipping in v0.7:
- Registry push webhooks — every image pushed to your container registry triggers a Trivy scan. DockerHub, AWS ECR, Google GCR / Artifact Registry, and Azure ACR are supported out of the box.
- Kubernetes admission webhook — refuses to schedule pods whose images carry unfixed critical CVEs reported by the Pencheff API.
Registry push webhooks
Each receiver translates the upstream’s webhook shape into a uniform RegistryPushEvent and enqueues a Trivy scan via the existing Celery worker pipeline. Non-PUSH events are acked but ignored — this avoids retry storms when EventBridge / Event Grid fires for delete / pull / tag-mutation actions.
| Registry | Endpoint | Notes |
|---|---|---|
| DockerHub | POST /api/registries/dockerhub | Standard JSON push_data.tag |
| AWS ECR (EventBridge) | POST /api/registries/ecr | Subscribe via EventBridge → HTTPS endpoint; only action-type: PUSH enqueues |
| Google GCR / Artifact Registry | POST /api/registries/gcr | Pub/Sub envelope (base64 data field) is auto-decoded |
| Azure ACR (Event Grid) | POST /api/registries/acr | SubscriptionValidation handshake handled inline |
Each enqueued scan lands as a RepoFinding row on the registry-mirror target; the unified findings stream renders it alongside SAST / SCA output.
Kubernetes admission webhook
A small Go binary (pencheff-admission) implements a ValidatingAdmissionWebhook that:
- Decodes the AdmissionReview for every Pod CREATE / UPDATE.
- Pulls the per-image verdict from the Pencheff API.
- Denies admission if any image carries an unfixed severity-critical finding.
Install via Helm
```shell
helm install pencheff-admission \
  oci://ghcr.io/balasriharsha-ch/charts/pencheff-admission \
  --version 0.1.0 \
  --set pencheffApi.url=http://pencheff-api/api \
  --set pencheffApi.tokenSecretName=pencheff-api-token
```

Default failOpen: false — if the Pencheff API is unreachable, the webhook denies the admission rather than silently letting a critical-CVE image land. Operators with strict availability requirements can flip the flag.
Bypass annotation
Pod authors can opt a single workload out by annotating:
```yaml
metadata:
  annotations:
    pencheff.io/admission-bypass: "Dev-cluster fixture; reviewed by SecOps 2026-05-08"
```

The bypass reason is recorded in the cluster audit trail. Future work (Phase 4 follow-up): a --bypass-disabled flag at the webhook command-line so cluster operators can forbid bypass entirely.
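The decision logic described above (gate CREATE / UPDATE only, deny on unfixed critical findings, fail closed when the API is unreachable, honour the bypass annotation), as an added Go example that is not the pencheff-admission source. The AdmissionReview types are a hypothetical minimal mirror of the admission/v1 fields, and VerdictFunc is an assumed stand-in for the Pencheff API call.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical minimal mirror of the admission/v1 AdmissionReview fields this check
// reads (the real binary would use k8s.io/api types); encoding/json matches field
// names case-insensitively, so no struct tags are needed.
type Pod struct {
	Metadata struct{ Annotations map[string]string }
	Spec     struct{ Containers []struct{ Image string } }
}
type AdmissionReview struct{ Request struct{ Operation string; Object Pod } }

// VerdictFunc stands in for the Pencheff API lookup (assumed shape): unfixed
// critical findings for an image, or an error when the API is unreachable.
type VerdictFunc func(image string) (unfixedCritical int, err error)

const bypassAnnotation = "pencheff.io/admission-bypass"

// Decide returns (allowed, message); the message belongs in the AdmissionResponse
// status so the verdict and any bypass justification reach the audit log.
func Decide(raw []byte, verdict VerdictFunc, failOpen bool) (bool, string) {
	var rev AdmissionReview
	if err := json.Unmarshal(raw, &rev); err != nil {
		return failOpen, "malformed AdmissionReview: " + err.Error()
	}
	req := rev.Request
	if req.Operation != "CREATE" && req.Operation != "UPDATE" {
		return true, "operation " + req.Operation + " is not gated"
	}
	if reason := req.Object.Metadata.Annotations[bypassAnnotation]; reason != "" {
		return true, "bypass: " + reason
	}
	for _, c := range req.Object.Spec.Containers {
		n, err := verdict(c.Image)
		if err != nil {
			// failOpen=false (the default) denies when the API cannot answer.
			return failOpen, fmt.Sprintf("Pencheff API unreachable for %s: %v", c.Image, err)
		}
		if n > 0 {
			return false, fmt.Sprintf("%s carries %d unfixed critical finding(s)", c.Image, n)
		}
	}
	return true, "no unfixed critical findings"
}
```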
Source
- Registry receivers — apps/api/.../routers/registries.py
- Admission webhook — apps/k8s-admission/
- Helm chart — apps/k8s-admission/charts/pencheff-admission/