Kaspersky Container Security

Creating an assurance policy

March 27, 2024

ID 266504

Rights to manage security policy settings are required to add a security policy in Kaspersky Container Security.

To add an assurance policy:

  1. In the Policies → Assurance policy section, click the Add policy button.

    The policy settings window opens.

  2. Enter a policy name and, if required, a policy description.
  3. In the Scope field, select the scope for the image security policy from the available options.

    If you plan to implement the policy with the global application scope, one of your user roles must be granted the rights to view global application scopes.

  4. Specify the actions that Kaspersky Container Security should perform in accordance with the policy:
    • Fail CI/CD step – if the Kaspersky Container Security scanner, while scanning an image in the CI/CD pipeline, detects security risks that match the severity level specified in the policy, the scan ends with an error (Failed). This result is passed to the CI system.
    • Label images as Non-compliant – Kaspersky Container Security labels images in which it detects security risks that meet the criteria specified in the policy.
  5. In the Vulnerability level section, configure the following settings:
    • Use the Enabled/Disabled toggle switch to configure the scan based on the vulnerability severity level.
    • Set the assigned severity level based on the vulnerability databases. You can select this from the Severity level drop-down list or specify a severity score from 0 to 10.
    • Use the Enabled/Disabled toggle switch to configure blocking in case of specific vulnerabilities and specify these vulnerabilities in the Vulnerabilities field.
  6. In the Malware section, use the Enabled/Disabled toggle switch to configure scanning for malware in the image.
  7. In the Misconfigurations section, configure the following settings:
    • Use the Enabled/Disabled toggle switch to configure the scan based on the misconfiguration severity level.
    • Select the misconfiguration severity level from the Severity level drop-down list.

      The severity level is assigned based on the vulnerability databases.

  8. In the Sensitive data section, configure the following settings:
    • Use the Enabled/Disabled toggle switch to configure the scan based on the sensitive data severity level.
    • Select the sensitive data severity level from the Severity level drop-down list.

      The severity level is assigned based on the vulnerability databases.

  9. Click Save.

By default, the added policy is Enabled.
