Configure automatic quarantining of packages
When a package has been identified as a risk by a Bytesafe plugin, you will often want to protect developer and build environments from continued use of the package. And in most instances you want to do it without human interaction.
Bytesafe's quarantine functionality allows you to do that: packages deemed a risk are held in a secure quarantine.
A quarantined package is essentially blocked from use until it is released from quarantine. Quarantined package versions cannot be installed by developers or downstream registries, nor can they be pushed to upstream registries.
Quarantined packages can be identified by the red border and marker in the workspace and all quarantined packages in a registry can be found by clicking on the quarantine metric on the registry dashboard.
Adding packages to quarantine
Manual quarantine of packages is performed by clicking Quarantine for a package version.
Automatic quarantine of packages is done by the Vulnerability scanner or License scanner plugins, when automatic quarantine has been enabled in the plugin settings. See the quarantine configuration for more information.
Issues and notifications
Automatic quarantine of packages by a plugin will also open issues in the workspace and trigger related notifications to active users in the registry.
Releasing packages from quarantine
Once the package has been audited and any related issues reviewed and fixed, the package can be released from quarantine, or deleted if deemed unwanted.