Hello Cleber Ramos
Thanks for responding back on this.
To put an image in Quarantine, scan it for vulnerabilities, and then remove it from Quarantine, you can follow these steps:
- Push the image to your ACR instance using the docker push command. For example:
docker push <acr-name>.azurecr.io/<image-name>:<tag>
Replace <acr-name> with the name of your ACR instance, <image-name> with a name for your image, and <tag> with a tag for your image.
- Enable Quarantine for your ACR instance using the Azure CLI command:
az acr config content-trust update --name <acr-name> --status Enabled
- Put the image in Quarantine using the Azure CLI command:
az acr quarantine create --name <acr-name> --image <image-name>:<tag>
Replace <acr-name> with the name of your ACR instance, <image-name> with the name of your image, and <tag> with the tag of your image.
- Scan the image for vulnerabilities using the Azure CLI command:
az acr repository show-manifests --name <acr-name> --repository <image-name> --detail --query "[].{digest:digest, tags:tags}" --output table
Replace <acr-name> with the name of your ACR instance and <image-name> with the name of your image.
This command shows the details of the image, including its digest and tags.
- Remove the image from Quarantine using the Azure CLI command:
az acr quarantine delete --name <acr-name> --image <image-name>:<tag>
Replace <acr-name> with the name of your ACR instance, <image-name> with the name of your image, and <tag> with the tag of your image.
This command removes the image from Quarantine and makes it available for use.
Note that Quarantine is a feature of Azure Container Registry that allows you to prevent images with known vulnerabilities from being used. By default, Quarantine is not enabled for new ACR instances. You need to enable it using the Azure CLI command az acr config content-trust update.
Hope this helps.