Quarantine

Protect teams and build environments from using unwanted packages

When a package has been identified as a risk by a Bytesafe plugin, you will often want to protect developer and build environments from continued use of that package, and in most instances you will want to do so without human interaction.

Bytesafe's quarantine functionality allows you to do exactly that: packages deemed a risk are held in a secure quarantine.

A quarantined package is essentially blocked from use until it is released from quarantine. Quarantined package versions cannot be installed by developers or downstream registries, nor can they be pushed to upstream registries.

[Screenshot: package card]

Quarantined packages can be identified by the red border and marker in the workspace and all quarantined packages in a registry can be found by clicking on the quarantine metric on the registry dashboard.

Adding packages to quarantine

A package can be quarantined either manually from the workspace or automatically by a plugin or policy.

Manual quarantine of packages is performed by clicking Quarantine for a package version.

[Screenshot: manual quarantine of a package version]

Automatic quarantine of packages is done by the Vulnerability scanner or License scanner plugins, provided that automatic quarantine has been enabled in the plugin settings. See quarantine configuration for more information.

Issues and notifications

Automatic quarantine of packages by a plugin will also open issues in the workspace and trigger related notifications to active users in the registry.

Releasing packages from quarantine

Once the package has been audited and any related issues reviewed and fixed, the package can be released from quarantine, or deleted if deemed unwanted.

[Screenshot: release package from quarantine]
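The following is an added example, not Bytesafe's own code, that models the quarantine workflow described on this page: scanner findings quarantine a version automatically, an issue and a notification are recorded, and the registry then refuses installs, downstream pulls and upstream pushes until the version is released or deleted. The policy thresholds (which severities and which licenses trigger quarantine), the class and method names, and the sample package name are assumptions chosen for illustration.

```python
# Added example (not Bytesafe code): a minimal model of registry-side
# quarantine enforcement. Policy values and data shapes are assumptions.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Finding:
    kind: str    # "vulnerability" or "license" (assumed scanner output shape)
    detail: str  # severity label or SPDX license id (constructed values)


@dataclass
class Version:
    name: str
    version: str
    quarantined: bool = False
    reason: Optional[str] = None


@dataclass
class Registry:
    versions: Dict[str, Version] = field(default_factory=dict)
    issues: List[Tuple[str, str]] = field(default_factory=list)
    notifications: List[str] = field(default_factory=list)
    # Assumed policy: quarantine on critical/high vulnerabilities, or on a
    # license outside the allow-list.
    block_severities: frozenset = frozenset({"critical", "high"})
    allowed_licenses: frozenset = frozenset({"MIT", "Apache-2.0", "BSD-3-Clause"})

    @staticmethod
    def _key(name: str, version: str) -> str:
        return f"{name}@{version}"

    def publish(self, name: str, version: str) -> None:
        """Register a new package version; it starts out unquarantined."""
        self.versions[self._key(name, version)] = Version(name, version)

    def scan(self, name: str, version: str, findings: List[Finding]) -> bool:
        """Apply scanner findings; quarantine automatically when policy matches.
        Returns True if the version was quarantined by this scan."""
        for f in findings:
            if f.kind == "vulnerability" and f.detail in self.block_severities:
                reason = f"{f.detail} vulnerability"
            elif f.kind == "license" and f.detail not in self.allowed_licenses:
                reason = f"license {f.detail} not allowed"
            else:
                continue
            self.quarantine(name, version, reason)
            return True
        return False

    def quarantine(self, name: str, version: str, reason: str) -> None:
        """Manual or automatic quarantine: block the version, open an issue,
        and notify users of the registry."""
        key = self._key(name, version)
        pkg = self.versions[key]
        pkg.quarantined = True
        pkg.reason = reason
        self.issues.append((key, reason))
        self.notifications.append(f"{key} quarantined: {reason}")

    def release(self, name: str, version: str) -> None:
        """Release after audit: the version becomes usable again."""
        pkg = self.versions[self._key(name, version)]
        pkg.quarantined = False
        pkg.reason = None

    def delete(self, name: str, version: str) -> None:
        """Remove an unwanted version entirely."""
        del self.versions[self._key(name, version)]

    def _gate(self, name: str, version: str, action: str) -> Tuple[bool, str]:
        """Single enforcement point shared by every way a version can leave
        the registry: quarantined versions are refused everywhere."""
        key = self._key(name, version)
        pkg = self.versions.get(key)
        if pkg is None:
            return False, f"{key}: not found"
        if pkg.quarantined:
            return False, f"{key}: {action} refused, quarantined ({pkg.reason})"
        return True, f"{key}: {action} allowed"

    def install(self, name: str, version: str) -> Tuple[bool, str]:
        return self._gate(name, version, "install")

    def downstream_pull(self, name: str, version: str) -> Tuple[bool, str]:
        return self._gate(name, version, "downstream pull")

    def push_upstream(self, name: str, version: str) -> Tuple[bool, str]:
        return self._gate(name, version, "upstream push")


if __name__ == "__main__":
    reg = Registry()
    reg.publish("example-pkg", "1.2.3")  # constructed package name
    reg.scan("example-pkg", "1.2.3", [Finding("vulnerability", "high")])
    for check in (reg.install, reg.downstream_pull, reg.push_upstream):
        print(check("example-pkg", "1.2.3")[1])
    reg.release("example-pkg", "1.2.3")
    print(reg.install("example-pkg", "1.2.3")[1])
```

The one design choice worth copying is the single `_gate` method: install, downstream pull and upstream push all consult the same quarantine state, so a version blocked for developers cannot leak out through a replication or publish path that forgot to check.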

Configuration

Configure automatic quarantining of packages