TOC & Recently Viewed

Recently Viewed Topics

Policy Enforcement Settings

You can select one of the following enforcement actions for a policy in Container Security:

Option Description
Set Compliance Status to False

Use this action if you want to query Container Security for the policy compliance status of scanned container images.

If a scan of a container image identifies the condition specified in the policy, any API queries for the policy compliance status of the container image receive a false response (security test failed). For more information, see the description of the /policycompliance endpoint in the Container Security API guide.

This action is useful if you integrate Container Security with your CI/CD pipeline. For example, you can configure Jenkins to mark a build unstable if a container receives a failed compliance status from Container Security.

Prevent/Block "docker pull"

Prevents Docker from pulling any image from the Container Security registry that Container Security scanned and identified as having a condition specified in the policy.

Copyright © 2020 Tenable, Inc. All rights reserved. Tenable,, Tenable Network Security, Nessus, SecurityCenter, SecurityCenter Continuous View and Log Correlation Engine are registered trademarks of Tenable, Inc.., Lumin, Assure, and the Cyber Exposure Company are trademarks of Tenable, Inc. All other products or services are trademarks of their respective owners.