Scanned policy
Only allow packages scanned by the Vulnerability Scanner in a registry
The Scanned policy only allows packages that have been scanned by the vulnerability scanner plugin to be added to a registry.
This is useful to make sure that packages in a registry are scanned for security issues, regardless of whether they are pulled from an upstream or published by a user.
It’s a good practice to enable this for any registry containing releases to be used by other teams.
This policy can safely be added to a registry with the vulnerability scanner plugin enabled. Packages will be scanned before this policy takes action.
Use cases
- Secure registries - Make sure that packages in a registry are scanned for security issues, regardless of whether they are pulled from an upstream or published by a user.