We’ve just released a new feature and custom policy rule in Datree for Docker images.
The policy allows you to whitelist and blacklist Docker images and versions in your projects.
By blacklisting you can prevent devs from using images with security vulnerabilities, deprecated images, or images with components that are no longer maintained.
Say your team uses Alpine and you learn that Alpine v3.3-3.5 has a security vulnerability. You can go to Datree, see which repositories are currently using the image, and enable a Docker image policy that blocks developers from using it.
Or you can use this policy to find and prevent usage of a deprecated image like jenkins/jenkins. As another example, if your codebase is written in Python, you can use this policy to ensure no one is using Python 2.7, which is no longer maintained.
Conversely, by whitelisting certain images and their versions as the only ones devs can use, you can ensure consistency and reduce maintenance burden.
See all versions of Docker images across all repos:
See in which repos the Docker images are being used:
Enforce your Docker image policy in pull requests:
To start using this policy, go to Custom Rules, then create a new “custom Docker image” rule.
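The kind of check such a policy performs can be sketched over a Dockerfile's `FROM` lines. This is an added example, not Datree's code or rule format: the `DENY` table, the function names and the sample Dockerfile are constructed here from the post's Alpine, Python 2.7 and jenkins/jenkins cases.

```python
import re

# Constructed policy mirroring the post's examples (hypothetical format, not Datree's).
DENY = {
    "alpine": lambda v: (3, 3) <= v[:2] <= (3, 5),  # Alpine v3.3-3.5
    "python": lambda v: v[:2] == (2, 7),            # Python 2.7, no longer maintained
    "jenkins/jenkins": lambda v: True,              # deprecated image, every tag
}
FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.I)

def parse_ref(ref):  # -> (normalized image name, tag)
    ref = ref.split("@", 1)[0]                 # drop any digest
    name, tag = ref, "latest"                  # untagged means :latest
    if ":" in ref.rsplit("/", 1)[-1]:          # a colon before the last "/" is a registry port
        name, tag = ref.rsplit(":", 1)
    name = re.sub(r"^(docker\.io/)?(library/)?", "", name.lower())
    return name, tag

def version_tuple(tag):  # leading numeric part: '2.7.18-slim' -> (2, 7, 18)
    m = re.match(r"v?(\d+(?:\.\d+)*)", tag)
    return tuple(int(p) for p in m.group(1).split(".")) if m else ()

def check_dockerfile(text, deny=DENY, allow=None):
    """Return (line_no, reference, reason) for each FROM line that breaks policy."""
    stages, findings = set(), []
    for no, line in enumerate(text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        ref, alias = m.groups()
        if "$" in ref:                         # FROM ${BASE}: value unknown at scan time
            findings.append((no, ref, "unresolved build ARG, cannot verify"))
        elif ref.lower() not in stages and ref.lower() != "scratch":
            name, tag = parse_ref(ref)         # skip earlier build stages and empty base
            if allow is not None and name not in allow:
                findings.append((no, ref, "not on allowlist"))
            elif name in deny and deny[name](version_tuple(tag)):
                findings.append((no, ref, "on denylist"))
        if alias:
            stages.add(alias.lower())
    return findings

# Constructed sample Dockerfile (multi-stage) to run the check against.
SAMPLE = """FROM golang:1.21 AS build
FROM docker.io/library/alpine:3.4
FROM build
FROM --platform=linux/amd64 python:2.7-slim AS app
FROM jenkins/jenkins:lts
FROM alpine:3.18"""
```

Calling `check_dockerfile(SAMPLE)` reports lines 2, 4 and 5; passing `allow={"python"}` switches to whitelist behaviour, where any image name outside the set is reported.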