Endor Labs provides the following policies to help assess and improve the security posture of your container images.
This policy scans container images to detect operating system dependencies or components that have reached end of life (EOL). It is disabled by default and must be enabled in Finding Policies.
If a dependency reaches EOL after the initial scan, containers do not need to be rescanned. The analytics scan automatically detects the change and raises a finding.
This policy detects end-of-life status only for OS-level packages and components.
Endor Labs provides the following container image finding policy template to detect base images that are not permitted by an organization.
See Finding Policies for details on how to create policies from policy templates.