This topic explains how to create and modify image assurance policies, export, and import them. For more information on the image assurance policies and the policy components, refer to Image Assurance Policies.

To view image assurance policies, navigate to Policies > Assurance Policies. You can click the name of any policy to review and edit the policy components.

Add an Image Assurance Policy

You can add an image assurance policy from the Policies > Assurance Policies page to evaluate the scan results (security issues found, if any) as per criteria set in the policy. For example, you can mark images non-compliant if they have critical vulnerabilities, by defining a policy. Once a policy is defined, after images are scanned by Aqua server as per next schedule, specific actions are performed on the images as per scan results, as defined in the policy. A specific policy is applied on the images which meet the scope configured and defined in the policy.

To add an image assurance policy:

  1. Click Add Policy and select Image Assurance from the Assurance Policies page.
  2. Enter the policy name. Allowed characters are upper and lower case alphanumeric values, dashes, and underscores.
  3. (Optional) Enter a Description for the policy.
  4. From the Scope dropdown, select one or multiple application scopes from the configured list. For more information, refer to Policy Scope.
  5. Select the required Actions checkboxes that you want Aqua server to perform if the policy fails.
  6. Select and configure the Exceptions to the evaluation of the image assurance policy.
  7. Click the button of the required controls from the list on the left pane to include them in the policy. Some controls require additional parameters or options. You can add as many controls as required from the list.
  8. Click Save.

Modify a policy

Aqua offers out of the box Default image assurance policy. After you navigate to the Assurance Policies page, you can see a list of policies that are already created, including Default policy. You can modify any policy to reconfigure the scope, actions, exceptions, and control. To modify a policy:

  1. Click the required policy from the list that you want to edit.
  2. Make changes to the policy definition, as required such as editing scope, additional scope criteria, and enabling/disabling actions, exceptions checkboxes.
  3. To remove a control that is included in a policy, click the X next to it. You can also new controls as explained in the previous section.
  4. Click Save.

Delete Assurance Policies

You can delete any or all image assurance policies with exception of the Default policy. To delete a policy:

  1. Navigate to Policies > Assurance Policies
  2. Select the checkboxes next to the required policies that you want to delete.
  3. Click the delete icon at the top of the page.

Export Assurance Policies

Exporting and importing image assurance policies is especially useful for distributing policies one Aqua console to another. You can export and import one or multiple policies to prevent manual copying of each policy definition from one Aqua console to another. When you export policies, they are downloaded in the JSON file in your machine and import policy functionality supports only JSON file.

To export one or multiple policies:

  1. Navigate to Policies > Assurance Policies
  2. Select the checkboxes next to the required policies that you want to export or select the checkbox next to the Name header to select all the policies.
  3. Click the Export icon at the top of the page. The selected policies are downloaded as a JSON file into your machine with a standard file name, which you may want to rename later. 

Import Assurance Policies

To import all the Assurance Policies from a JSON file, which are exported from another Aqua console:

  1. Navigate to Policies > Assurance Policies.
  2. Click the Import icon at the top right of the page. Import Assurance Policies dialog appears.
  3. Enable the checkbox if you do no want to replace the existing policies with new policies.
  4. Click Select File and browse the JSON file which contains the image assurance policies that you have exported from another Aqua console.
  5. Click Upload.