From e52d3326cd327d2424a74b7adbb1880355d42c64 Mon Sep 17 00:00:00 2001 From: Natalie Arellano Date: Wed, 22 Jul 2020 12:29:21 -0400 Subject: [PATCH] Add docs comment Signed-off-by: Natalie Arellano --- task/buildpacks-phases/0.1/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/task/buildpacks-phases/0.1/README.md b/task/buildpacks-phases/0.1/README.md index ac18302d..5b927aff 100644 --- a/task/buildpacks-phases/0.1/README.md +++ b/task/buildpacks-phases/0.1/README.md @@ -5,6 +5,8 @@ Buildpacks](https://buildpacks.io). To do that, it uses [builders](https://build Cloud Native Buildpacks are pluggable, modular tools that transform application source code into OCI images. They replace Dockerfiles in the app development lifecycle, and enable for swift rebasing of images and modular control over images (through the use of builders), among other benefits. This command uses a builder to construct the image, and pushes it to the registry provided. +The lifecycle phases are run in separate containers to enable better security for untrusted builders. Specifically, registry credentials are hidden from the detect and build phases of the lifecycle, and the analyze, restore, and export phases (which require credentials) are run in the lifecycle image published by buildpacksio. + See also [`buildpacks`](../buildpacks) for the combined version of this task, which uses the [creator binary](https://github.com/buildpacks/spec/blob/platform/0.3/platform.md#operations), to run all of the [lifecycle phases](https://buildpacks.io/docs/concepts/components/lifecycle/#phases). This task, in contrast, runs all of the phases separately. ## Install the Task