Getting Started with Image Assurance Policy
When you enable Image Assurance, CloudGuard protects your cluster with an automatically created default ruleset and default policy. For configuration of the default policy, see Vulnerability Policies (Image Assurance).
Image Assurance policy applies to Kubernetes image assurance, container registries, ECS images, and ShiftLeft image scans.
Configuring an Image Assurance Policy
Follow the steps below to change the default policy or create a new policy. A cluster can have more than one policy associated with it, so you can add a new policy alongside the default one, or unassociate the default policy first.

To clone the default ruleset:
- Navigate to Workload Protection > Vulnerabilities > Rulesets.
- Click the Container Image Assurance ruleset.
- Click Clone.
- Give the cloned ruleset a name and a description.

To create a new ruleset:
- Navigate to Workload Protection > Vulnerabilities > Rulesets.
- Click Add Ruleset.
- Enter a name and a description for the ruleset.

To add a rule to a ruleset:
- Navigate to Workload Protection > Vulnerabilities > Rulesets.
- Click the thumbnail of the ruleset to which you want to add the rule.
- Click New Rule to open the rule editor page.
- Click the GSL text box to open the GSL Rule Editor. For more information, see GSL Builder.
- Click Verify to verify the rule.
- Click Done.
- Enter or update the other available fields (Title, Description, etc.).
- Click Save to save the new rule.

To unassociate the default policy from a cluster:
- Navigate to Workload Protection > Vulnerabilities > Policies.
- Find the association between the default policy and the Kubernetes cluster.
- Click the menu above the table and select Unassociate.
Note - You can configure more than one policy on a cluster, so this step is optional.

To add a policy:
- Navigate to Workload Protection > Vulnerabilities > Policies.
- Click Add Policy.
- Select Environment Policy to apply the policy to a single cluster, or Organizational Unit Policy to apply it to the Organizational Unit to which the cluster belongs.
- Select the cluster or Organizational Unit to which the policy applies.
- Click Next.
- Select the ruleset to bind to the cluster or OU. You can select multiple rulesets.
- (Optional) For Kubernetes environments, enable Admission Control (Image Admission) in Detection or Prevention mode. For more details, see Image Admission.
- Select the notification that is sent when this policy is violated. You can configure a new notification or select an existing one.
Note - To see findings in the CloudGuard portal, make sure the Alerts Console option is selected.
- Click Save.