Use container image quarantine#
Enable container image quarantine, scan, and mark images as verified.
Image quarantine is a configurable option for Azure Container Registry (ACR).
When enabled, images pushed to the container registry are not available by default.
Each image must be verified and marked as
Passed before it is available to pull.
To verify container images, integrate with an external security tool that supports this feature.
Consider configuring a security tool to implement the image quarantine pattern. Enable image quarantine on the container registry to ensure each image is verified before use.
Image quarantine for Azure Container Registry is currently in preview.
- How do I enable automatic image quarantine for a registry?
- Quarantine Pattern
- Secure the images and run time
- Follow best practices for container security