docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #19681 from dvdksn/scout-policy-fixable-vulns-config 

scout: "Fixable vulnerabilities only" config option
This commit is contained in:
David Karlsson 2024-03-25 16:31:28 +01:00 committed by GitHub
parent da9f382e08 219ea4eb1f
commit 9f716b9ee9
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 18 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
content/scout/policy/_index.md
View File

@ -77,8 +77,8 @@ available. Essentially, this means that there's an easy fix that you can deploy
for images that fail this policy: upgrade the vulnerable package to a version for images that fail this policy: upgrade the vulnerable package to a version
containing a fix for the vulnerability. containing a fix for the vulnerability.
This policy only flags critical and high severity vulnerabilities that were By default, this policy only flags critical and high severity vulnerabilities
published more than 30 days ago. The rationale for only flagging disclosed more than 30 days ago. The rationale for only flagging
vulnerabilities of a certain age is that newly discovered vulnerabilities vulnerabilities of a certain age is that newly discovered vulnerabilities
shouldn't cause your evaluations to fail until you've had a chance to address shouldn't cause your evaluations to fail until you've had a chance to address
them. them.
@ -86,8 +86,15 @@ them.
This policy is unfulfilled if an artifact is affected by one or more critical- This policy is unfulfilled if an artifact is affected by one or more critical-
or high-severity vulnerability, where a fix version is available. or high-severity vulnerability, where a fix version is available.
You can configure the severity level and age thresholds by creating a custom You can configure the parameters of this policy by creating a custom version of the policy.
policy. For more information, see [Configure policies](./configure.md). The following policy parameters are configurable in a custom version:
- Name and description of the policy
- Severity levels to consider
- Age threshold (set to `0` to flag all vulnerabilities, regardless of age)
- Whether or not to only report vulnerabilities with a fix version available
For more information about configuring policies, see [Configure policies](./configure.md).
### Copyleft licenses ### Copyleft licenses

8
content/scout/release-notes.md
View File

@ -14,7 +14,13 @@ for what's coming next.
## Q1 2024 ## Q1 2024
New features and enhancements released in the first quarter of of 2024. New features and enhancements released in the first quarter of 2024.
### 2024-03-20
The **Fixable critical and high vulnerabilities** policy now supports a
**Fixable vulnerabilities only** configuration option, which lets you decide
whether or not to only flag vulnerabilities with an available fix version.
### 2024-03-14 ### 2024-03-14