From f6fe7c9b74b043646a105bb517d8c8c5e3cd741c Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Tue, 13 Feb 2024 11:33:43 +0100 Subject: [PATCH] scout(policy): unsupported distro versions option Signed-off-by: David Karlsson <35727626+dvdksn@users.noreply.github.com> --- content/scout/policy/_index.md | 23 +++++++++++++++++------ 1 file changed, 17 insertions(+), 6 deletions(-) diff --git a/content/scout/policy/_index.md b/content/scout/policy/_index.md index fec0430a31..220ba7b6a3 100644 --- a/content/scout/policy/_index.md +++ b/content/scout/policy/_index.md @@ -293,11 +293,21 @@ An asterisk (`*`) matches up until the character that follows, or until the end of the image reference. Note that the `docker.io` prefix is required in order to match Docker Hub images. This is the registry hostname of Docker Hub. -You can also configure the policy to allow only supported tags of Docker -Official Images. When this option is enabled, images using unsupported tags of -official images trigger a policy violation. Supported tags for official images -are listed in the **Supported tags** section of the repository overview on -Docker Hub. +You can also configure the policy to: + +- Allow only supported tags of Docker Official Images. + + When this option is enabled, images using unsupported tags of official images + trigger a policy violation. Supported tags for official images are listed in + the **Supported tags** section of the repository overview on Docker Hub. + +- Allow only Docker Official Images of supported distro versions + + When this option is enabled, images using unsupported Linux distributions + that have reached end of life (such as `ubuntu:18.04`) trigger a policy violation. + + Enabling this option may cause the policy to report no data + if the operating system version cannot be determined. This policy isn't enabled by default. To enable the policy: @@ -305,7 +315,8 @@ This policy isn't enabled by default. To enable the policy: 2. Go to the **Policies** section. 3. Select the **Unapproved base images** policy in the list. 4. Enter the patterns that you want to allow. -5. Select whether you want to allow only supported tags of official images. +5. Select whether you want to allow only supported tags or supported distro + versions of official images. 6. Select **Save and enable**. The policy is now enabled for your current organization.