
ACR Security Scan in CI/CD events triggered

Open gianlucagravina opened this issue 3 years ago • 3 comments

What is the problem you're trying to solve: I would like to have a way to react, in my CI/CD pipeline, to security issues found in ACR.

Describe the solution you'd like: It would be useful to have a webhook in ACR, as we have for other events, to be able to trigger when a scan in ACR is completed after a push. I found a solution that uses polling every 5 minutes; that solution, unfortunately, doesn't guarantee that the image I pushed is "clean" from a security perspective. If for some reason that scan is not completed yet, my pipeline could move the image into a production deployment, exposing my environment to possible risks. Another possible solution could be introducing an API to query the ACR scan status (something like pending, running, complete) that we can poll and check to understand if we can finally get the status of the last security scan.


gianlucagravina avatar Feb 23 '22 01:02 gianlucagravina

@gianlucagravina Does this help? https://github.com/Azure/acr/tree/main/docs/preview/quarantine#image-pushed-webhook-notification Once the image passes the scan, an Image Pushed webhook will be triggered.

Wwwsylvia avatar Feb 24 '22 09:02 Wwwsylvia
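As an added example (not code from this issue or from the ACR project), here is a small Python gate a pipeline could run behind the Image Pushed webhook suggested above: it releases the build only when an authenticated push event reports the exact digest the pipeline built, which closes the window described in the issue where a tag is promoted before its scan has finished. The payload fields follow the documented ACR push-event shape; the registry name, repository, tag, digest and the shared-token header are constructed placeholders.

```python
import hmac
import json
import re
from dataclasses import dataclass
from typing import Mapping, Optional

DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")

@dataclass(frozen=True)
class PushEvent:
    host: str        # registry login server, event["request"]["host"]
    repository: str  # event["target"]["repository"]
    tag: str         # event["target"]["tag"]
    digest: str      # event["target"]["digest"]

def parse_push_event(body: bytes) -> Optional[PushEvent]:
    """Return a PushEvent for a well-formed ACR 'push' webhook body, else None."""
    try:
        evt = json.loads(body)
    except ValueError:
        return None
    if not isinstance(evt, dict) or evt.get("action") != "push":
        return None  # other actions (e.g. delete) never release the gate
    tgt, req = evt.get("target") or {}, evt.get("request") or {}
    if not (isinstance(tgt, dict) and isinstance(req, dict)):
        return None
    digest = str(tgt.get("digest", ""))
    if not DIGEST_RE.match(digest):
        return None  # reject anything that is not a plain sha256 digest
    return PushEvent(req.get("host", ""), tgt.get("repository", ""), tgt.get("tag", ""), digest)

def release_gate(headers: Mapping[str, str], body: bytes, expected: PushEvent, token: str) -> bool:
    """True only when an authenticated webhook reports that exactly `expected` left quarantine."""
    # Assumption: the ACR webhook is configured with a custom header carrying a shared token,
    # so an arbitrary POST to the receiver cannot open the gate.
    if not hmac.compare_digest(headers.get("X-Gate-Token", "").encode(), token.encode()):
        return False
    evt = parse_push_event(body)
    # Match the digest, not just the tag: a later push reusing the tag must not unlock this build.
    return evt is not None and evt == expected

# Constructed sample: shared token, the digest this pipeline built, and the body ACR would send.
GATE_TOKEN = "example-shared-token"
EXPECTED = PushEvent("myregistry.azurecr.io", "team/app", "1.4.2", "sha256:" + "ab" * 32)
SAMPLE_BODY = json.dumps({
    "action": "push",
    "target": {"mediaType": "application/vnd.docker.distribution.manifest.v2+json",
               "digest": EXPECTED.digest, "repository": "team/app", "tag": "1.4.2"},
    "request": {"host": "myregistry.azurecr.io", "method": "PUT"},
}).encode()
```

A push that reuses the tag with a different digest, or a POST without the shared header, leaves the gate closed, so the pipeline waits for its own image rather than any image.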


This seems to be a good way to solve our problem. I will check this out. Thanks a lot for the super quick response!

Just noticed this is still in preview. Any public schedule for GA?

gianlucagravina avatar Feb 24 '22 12:02 gianlucagravina

@gianlucagravina We don't have a public schedule yet, but we are trying to prioritize it. Please see https://github.com/Azure/acr/issues/499#issuecomment-989282061.

Wwwsylvia avatar Mar 01 '22 08:03 Wwwsylvia

Hi ACR product team, any updates about going to GA status?

Kind regards, Dinant

dpaardenkooper avatar Apr 24 '23 06:04 dpaardenkooper

I'm very interested in the Quarantine feature. Is there any update on when the Quarantine feature will reach GA?

I've found Sonatype Repository Firewall to be very useful which can quarantine software dependencies until they are confirmed 'safe'. The Quarantine feature in ACR appears similar and would be a powerful tool to reduce chances of unsafe images being used.

BenjaminNeale-Heritage avatar Aug 07 '23 01:08 BenjaminNeale-Heritage

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 30 days.

github-actions[bot] avatar Nov 09 '23 01:11 github-actions[bot]

This issue was closed because it has been stalled for 30 days with no activity.

github-actions[bot] avatar Dec 10 '23 01:12 github-actions[bot]