Harden a Container Image without profiling, using profiles from similar Containers; aggregate profiles from multiple test runs
In general, hardening a workload requires deploying and testing the stubbed workload at least once so that RapidFort can trace the runtime behavior and generate an accurate profile.
In some situations, running comprehensive tests to exercise all workload functionalities may not be feasible or necessary.
For example, suppose that after generating a stub image and running your comprehensive test suite, you discover that a configuration file needs to be updated or a small bug fix needs to be included prior to release. Therefore, you build a new image and generate a new stub image.
With workload tags, you do not need to rerun your comprehensive test suite on the new stub image before hardening it. Instead, you can run sanity tests on the new stub image to validate the updates and then harden it using the workload tag from the previous stub image that was fully tested.
Similarly, if your workload composition (packages and files) does not change significantly from build to build, you can create a workload tag and harden stub images for subsequent builds using the workload tag. When there are impactful changes, deploy and test the stub image to ensure that the new functionality is exercised and new dependencies are added to the runtime profile before you harden it.
Workload tags can be used to harden images using results from multiple independent test runs. Instead of having to change your software testing process to run all test suites on the same stub image, you can do the following:
- For each test phase, generate a stub image with a workload tag (for example, unit_test, qa_test, coverage_test). You can also generate stub images that share the same workload tag (for example, build_12345).
- Test each stub image independently
- Generate and harden another stub image using the workload tags