Overview

When you add the Custom Compliance Checks control to your Assurance Policy, you configure it with one or more custom compliance scripts. Each script checks the image being scanned for specific conditions, and returns a value of either 0 (pass) or 1 (fail). If any script fails, the Custom Compliance Checks control fails.


Aqua Bench is the only script format supported, and it applies to Linux images only.


Prerequisite

To use Unix shell compliance scripts, the bash or sh shell must be available in the image on some path, and your scripts must reference that path in the shebang line.


File size limitation

The file size of each custom compliance script is limited to 15 MB.
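The prerequisite and the size limit above can be checked locally before a script is imported. The following is an added example, not code from Aqua or from this documentation: it writes a constructed sample Unix shell check that follows the 0 (pass) / 1 (fail) contract, and lints any script file against the shebang and size rules. The function names, the sample check itself, reading "15 MB" as 15 × 1024 × 1024 bytes, and rejecting `env`-style shebangs are assumptions.

```shell
#!/bin/sh
# Added example: pre-import lint for a Unix shell compliance script.
MAX_BYTES=$((15 * 1024 * 1024))   # assumption: "15 MB" read as 15 MiB
cr=$(printf '\r')

# Constructed sample check: fail (1) if any non-root account has UID 0.
write_sample_check() {
    cat > "$1" <<'EOF'
#!/bin/sh
# Returns 0 (pass) or 1 (fail), the contract the control expects.
extra=$(awk -F: '$3 == 0 && $1 != "root" { print $1 }' /etc/passwd)
[ -z "$extra" ] && exit 0
echo "non-root UID 0 accounts: $extra"
exit 1
EOF
}

# lint_check_script FILE -> 0 if FILE meets the documented constraints, else 1.
lint_check_script() {
    file=$1
    [ -f "$file" ] || { echo "not a regular file: $file"; return 1; }
    size=$(wc -c < "$file" | tr -d ' ')
    [ "$size" -le "$MAX_BYTES" ] || { echo "larger than 15 MB: $size bytes"; return 1; }
    first=$(head -n 1 "$file")
    case $first in
        *"$cr") echo "CRLF line ending in shebang line"; return 1 ;;
    esac
    case $first in
        '#!'*) ;;
        *) echo "missing shebang line"; return 1 ;;
    esac
    # The interpreter is the first word after "#!". It must be an absolute
    # path to sh or bash, which has to exist at that path in the image.
    # "/usr/bin/env bash" is rejected because it names env, not the shell.
    interp=$(printf '%s\n' "$first" | sed 's/^#![[:space:]]*//' | awk '{ print $1 }')
    case $interp in
        /*/sh|/*/bash) return 0 ;;
        *) echo "shebang must point at sh or bash, got: $interp"; return 1 ;;
    esac
}

# Usage: ./lint.sh my_check.sh   (with no arguments, only the functions are defined)
if [ "$#" -gt 0 ]; then
    lint_check_script "$1"
    exit $?
fi
```

The lint only inspects the script file; whether the interpreter path actually exists in a given image still has to be confirmed against that image.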


Configure Custom Compliance Checks

You can add one or more Custom Compliance Checks controls while configuring your image assurance policy. You can write your own scripts, use the predefined scripts offered by Aqua, or both.


View and manage predefined compliance checks

Aqua offers a few predefined compliance checks that you can use and customize when adding the Custom Compliance Checks control to your image assurance policy. This section explains where you can view the predefined compliance scripts and how to copy and download them. You can view all the predefined compliance scripts on the Compliance Checks page.


To manage the compliance checks:

  1. In the Aqua UI, navigate to Policies > Assurance Policies.
  2. Click Manage Compliance Checks at the top right of the page. You can see the list of predefined scripts offered by Aqua and custom scripts added in the application.


On this page, you can perform the following actions on the compliance scripts:

  • Filter by script type: at the top right of the page, from the filter dropdown, select a script type and select Aqua Bench from the list
  • Search by script name: type any keyword of the script name to find the respective scripts
  • Add New Script: click this button to add a new script as explained in the Add a new compliance script section.
  • Refresh: click this button at the top right of the page to display any recently added custom scripts
  • Delete: select any script with checkbox and click the Delete button at the top of the page
  • Show script: click the Show script button for any specific script to see the script in the dialog. From here, you can copy the script
  • Download script: click the Download script button for any specific script to download the script in the respective format. Aqua Bench, Unix Shell, and Powershell scripts are downloaded in the .ab, .sh, and .ps1 formats respectively
  • Edit script: click any script name to edit the script and save it as a new custom script, as explained in the Add a new compliance script section



Add a new compliance script

You can add a new script by writing it in a text editor and importing it into Aqua in one of the supported file formats. To add a new compliance script:

  1. Using a text editor, write a script in the required format that can be used with your image assurance policy.
  2. On the Compliance Checks page, click Add New Script. The Import Script dialog appears.
  3. In the Import Script dialog:
    1. Click Select File to browse and select the required file from your machine. The Script Engine field will be filled automatically to reflect the format of the selected script file. This will not happen if the file format is not valid.
    2. Script Name: The file name is added to this field automatically. Edit the added name, as required.
    3. Script Description: (Optional) Add a description, which will appear in the column of the list of Custom Compliance Check scripts.
  4. Click Import. Your new script will appear in the Assurance Policies > Compliance Checks page and its type will be the type of script file that you have used to import.



You can also add a new script by editing an existing script. To add a new script from an existing script:

  1. On the Compliance Checks page, click any script name. The script opens in editing mode.
  2. Edit the script as required.
  3. Click Save as at the top right of the page. The Save as Script dialog appears.
  4. Enter a unique script name and an optional script description.
  5. Click Save. Your new script will appear in the Assurance Policies > Compliance Checks page and its type will be the type of the script that you used to create it.



Add the Custom Compliance Checks control in a policy

You can include one or more custom compliance scripts in the control while configuring an image assurance policy. To add a Custom Compliance Checks control to a policy:

  1. Navigate to Policies > Assurance Policies.
  2. Click Add Policy and select Image Assurance from the dropdown. The New Image Assurance Policy page appears.
  3. In the Controls section, click + Custom Compliance Checks control in the left pane. This control is added to the right pane.
  4. Ensure that the Enable Custom Compliance Checks control checkbox is selected.
  5. From the dropdown, select the required compliance check and click Add. Checks of type Aqua Bench, Unix Shell, and Powershell are displayed here in the image assurance policies.
  6. Repeat the previous step to include an additional script in the control.
  7. (Optional) Click x next to an added compliance check to remove it from the control.
  8. Complete configuring the image assurance policy. For more information, refer to Operations on Assurance Policies.
  9. Click Save to save the Assurance Policy.