Beginning January 31, 2022, Vulnerability Advisor for IBM Cloud Container Registry will no longer replicate exemptions between IBM Cloud regions.
What are exemptions?
Exemptions are policies that exclude any matching vulnerabilities or configuration issues from Vulnerability Advisor reports. Exemptions are typically used when the issues are checked and found to be irrelevant to the account. The exemption status is displayed in the vulnerability report for any images that are within the policy’s scope.
For more information, see Setting organizational exemption policies.
What is the current behavior?
In some IBM Cloud Container Registry regions, exemptions are replicated for consistency. You can manage exemptions in one of these regions, and the settings for that region apply to all the regions that allow replication of exemptions. In all other regions, exemptions must be managed separately in each region and apply only in the region where the exemption is set.
Which regions currently replicate exemptions?
Exemptions are currently replicated in the following IBM Cloud regions:
au-syd (ap-south)
eu-de (eu-central)
eu-gb (uk-south)
jp-tok (ap-north)
us-south
Global
All other regions require separate exemption management.
Do I have any exemptions?
To find out whether you have any exemptions in a particular region, set the region by running ibmcloud cr region-set
and then run the ibmcloud cr exemption-list
command.
How does this change affect me?
Beginning January 31, 2022, all regions will require separate exemption management. Any existing exemptions created before this date in the replicated regions are still present after this date. However, any changes from this date must be performed in each region where you want the change to take effect.