You can create a custom rule for container images that is based on built-in rules.

Procedure

  1. On the left navigation pane, click Enforce > K8s Policies.
  2. Click the Rules tab.
  3. Click Add Rule.
  4. Define the rule.
    1. Enter a unique custom rule name and a description.
    2. Select Container image criteria as the rule criteria.
    3. Click Next.
  5. Configure the rule. Options are:
    Image Criteria Vulnerability Severity or Registry Domains
    Critical vulnerabilities
    Note: The vulnerabilities with Critical severity are part of the default Critical vulnerabilities built-in rule. If you select Critical (9.0 - 10.0), you duplicate the existing built-in rule.
    • Critical (9.0 - 10.0)
    • High and above (7.0 - 10.0)
    • Medium and above (4.0 - 10.0)
    • Low and above (0.1 - 10.0)
    Vulnerabilities with fixes
    • Critical (9.0 - 10.0)
    • High and above (7.0 - 10.0)
    • Medium and above (4.0 - 10.0)
    • Low and above (0.1 - 10.0)
    Allowed registries Specify registries you want to allow as source. For example, docker.io.
  6. Click Next.
  7. On the Confirm Rule page, review the summary of the rule criteria and the matching Kubernetes resources and click Save.
    Confirm Rule page for a custom container images rule