Recently Viewed Topics
Policy Enforcement Settings
You can select one of the following enforcement actions for a policy in Tenable.io Container Security:
|Set Compliance Status to False||
Use this action if you want to query Tenable.io Container Security for the policy compliance status of scanned container images.
If a scan of a container image identifies the condition specified in the policy, any API queries for the policy compliance status of the container image receive a false response (security test failed). For more information, see the description of the /policycompliance endpoint in the Tenable.io Container Security API guide.
This action is useful if you integrate Tenable.io Container Security with your CI/CD pipeline. For example, you can configure Jenkins to mark a build unstable if a container receives a failed compliance status from Tenable.io Container Security.
|Prevent/Block "docker pull"||
Use this action if you want to block pulls from the Tenable.io Container Security registry of any container image where a scan has identified the condition specified in the policy. For more information, see Pull from the Registry.