TABLE OF CONTENTS

Overview

This topic explains all of the actions performed on images from the Images > General page. Following actions can be performed on the images:

  • Allow 
  • Block 
  • Export 
  • Import 
  • Delete images
  • Rescan
  • Full Rescan

Allow

As explained in Reactive Risk Management, you can allow or block an image. Allowing and blocking images are recorded with respect to the default assurance policy. You can also remove images from the respective lists of allowed and blocked images.


You can allow one or more images from the Images screen. When you allow a specific image, Aqua allows deployment of the specific image in containers, irrespective of the image's compliance status. Allowing an image does not actually change its compliance status but it can tell Aqua to ignore non-compliance for the purpose of image deployment.


You should allow an image only if you believe that running the image in containers will not cause unacceptable security risks.


Note: You can select any image for allowing, whether non-compliant, compliant, blocked, or already allowed. As you will probably allow non-compliant images, it might be helpful to filter the list to show only repositories with non-compliant images.


To allow images:

  1. Navigate to the Images > General page.
  2. Select one or multiple images from different repositories or select the required repositories for all images in it.
  3. Click Allow from the list of actions displayed in the page.
  4. Add a comment to the Warning box and click OK. The mention allowed appears next to the images that you have allowed.

You can also filter the allowed images using the Show repositories with filter.



Block

When you block an image, Aqua blocks deployment of the image in containers, irrespective of the image's compliance status. Blocking an image does not actually change its compliance status but it can tell Aqua to ignore compliance for the purpose of image deployment. Once an image is blocked, it is always marked as non-compliant in Aqua console until you remove the image from the blocked list.


This option can be used if you believe that a specific image has security issues or needs some changes, even though it is compliant with respect to all the assurance policies.


To block images:

  1. Select one or multiple images from different repositories or select the required repositories for all images in it.
  2. Click Block from the list of actions displayed in the page.
  3. Add a comment to the Warning box and click OK. The mention blocked appears next to the images that you have blocked.


Remove images from the list of allowed or blocked images

All allowed images appear in the Allowed Images control of the Default Image Assurance Policy. All blocked images appear in the Blocked Images control of the Default Image Assurance Policy. 


To remove images from the list of allowed or blocked images:

  1. Navigate to the Policies > Assurance Policies page. 
  2. Click Default assurance policy. You are navigated to the Assurance Policies Default (image policy) page.
  3. In the Images Allowed control, click the Delete icon next to the allowed image to remove from the list.
  4. In the Images Blocked control, click the Delete icon next to the blocked image to remove from the list.
  5. Click Save.



Export images

Exporting and importing images allows you to copy images from one Aqua console to another, quickly and efficiently.

To export images:

  1. Select one or multiple images from different repositories or select the required repositories for all images in it.
  2. Click Export from the list of actions displayed in the page. Notifications pane appears.
  3. Click Download ZIP at the latest Images data export request. 


All images are now downloaded as a .zip file in your machine. You can unzip this file into a folder which has .json file. The downloaded .json file which contains images can now be used to import into another Aqua console from your machine.



Import images

Importing images from a previous export allows you to add them to your Aqua destination server. 


To import an image:

  1. Navigate to the Images > General page.
  2. Click the Import Images button at the top right of the screen. Import Images dialog appears.
  3. Click Select File and browse your machine to attach .json file which has images, that you import into the current Aqua platform.
  4. Click Upload. When the import is completed, you can see the list of repositories and images imported into the current Aqua platform.
  5. Click Done. You can now see that new images are imported into the current Aqua console.

Note: You can upload a .json file with a maximum file size of 500MB, to import images into the Aqua platform.



Delete images

Deleting images deregisters them from your Aqua console. To delete images:

  1. Select one or multiple images from different repositories or select the required repositories for all images in it.
  2. Click Delete from the list of actions displayed in the page.
  3. Click Delete in the confirmation dialog. You can now see that selected images are removed from your Aqua console.



Rescan and Full Rescan images

You can scan images in Aqua instantly, even though they are scanned already and registered with Aqua. You can use this option when you know that there are changes in the specific images and you want to scan them again to check any security issues. Following are the rescanning options available for scanning images again:

  • Rescan: enters the selected image(s) to the scan queue
  • Full Rescan: enters the selected image(s) to the scan queue but rescan does not utilize previously cached scan results

To apply rescan options specific to the images:

  1. Select one or multiple images from different repositories or select the required repositories for all images in it.
  2. Click Rescan or Full Rescan as required. You can now see that the selected images are added to the Scan Queue > Pending or In Progress list.



Download image compliance report

You can retrieve image compliance report of all images in your Aqua platform to see the compliance status. This report has two sections as listed below:

  • Executive Summary: provides image assurance policy compliance in a pie chart which shows the number of compliant/non-compliant images out of the total number of images scanned in Aqua and top 5 image assurance failures by policy.
  • Image Compliance: shows the list of images with the respective compliance status such as image, policy compliance status and failed assurance policy and controls.

To download image compliance report:

  1. Click the compliance report icon at the right side of the page and click Image Compliance Report. You can see that Image Compliance document in the same tab.
  2. Click Save PDF or Print to save or print the document respectively.
  3. Click Back to Aqua to navigate back to the Aqua platform again.