Merge pull request #19316 from dvdksn/scout-policy-unapproved-base-img-unsupporteddoi

scout: add "supported DOI tags" feature of unapproved base images policy
2024-02-07 18:05:27 +01:00 · 2024-02-07 18:05:27 +01:00 · 07bca4e2ad
parent 3a3dca08ad d18a8c842d
commit 07bca4e2ad
1 changed files with 10 additions and 2 deletions
--- a/content/scout/policy/_index.md
+++ b/content/scout/policy/_index.md
@ -293,14 +293,22 @@ An asterisk (`*`) matches up until the character that follows, or until the end
 of the image reference. Note that the `docker.io` prefix is required in order
 to match Docker Hub images. This is the registry hostname of Docker Hub.

+You can also configure the policy to allow only supported tags of Docker
+Official Images. When this option is enabled, images using unsupported tags of
+official images trigger a policy violation. Supported tags for official images
+are listed in the **Supported tags** section of the repository overview on
+Docker Hub.
+
 This policy isn't enabled by default. To enable the policy:

 1. Go to the [Docker Scout Dashboard](https://scout.docker.com/).
 2. Go to the **Policies** section.
 3. Select the **Unapproved base images** policy in the list.
 4. Enter the patterns that you want to allow.
-5. Select **Save and enable**. The policy is now enabled for your current
-   organization.
+5. Select whether you want to allow only supported tags of official images.
+6. Select **Save and enable**.
+
+   The policy is now enabled for your current organization.

 Your images need provenance attestations for this policy to successfully
 evaluate. For more information, see [No base image data](#no-base-image-data).