You can use scopes to enforce policies on container images that are not yet deployed. The scope target is Build Phase.
Procedure
- On the left navigation pane, do one of the following depending on your system configuration and role:
  - If you have the Kubernetes Security DevOps or SecOps role and your system has only the Container security feature, click .
  - If you have any other role and your system has Container security and other Carbon Black Cloud features, click .
- Click Add Scope.
- Enter a Name for the scope.
- For target resources, select Container images. This scope will target specific container images. A policy can be enforced during the build phase.
- Click Next.
- Select the target criteria from the dropdown menus.

  | Option | Description |
  | --- | --- |
  | Apply only to specific build steps | Harden images by assigning a policy and configuring CLI instances to perform validation during the build phase. |
  | Apply only to specific namespaces | A scope can target images in particular namespaces; it will take precedence over generic scopes covering the same workloads. |

- Click Save.
The scope is ready for use in a Kubernetes Hardening Policy.