Container Registry is ending exemption synchronization across regions on 31 January 2022
Beginning 31 January 31 2022, Vulnerability Advisor for IBM Cloud® Container Registry will no longer replicate exemptions between IBM Cloud regions.
The original announcement was published on 20 December 2021.
What are exemptions?
Exemptions are policies that exclude any matching vulnerabilities or configuration issues from Vulnerability Advisor reports. Exemptions are typically used when the issues are checked and found to be irrelevant to the account. The exemption status is displayed in the vulnerability report for any images that are within the policy’s scope.
For more information, see Setting organizational exemption policies.
What is the current behavior?
In some IBM Cloud Container Registry regions, exemptions are replicated for consistency. You can manage exemptions in one of these regions, and the settings for that region apply to all the regions that allow replication of exemptions. In all other regions, exemptions must be managed separately in each region and apply only in the region where the exemption is set.
Which regions currently replicate exemptions?
Exemptions are currently replicated in the following IBM Cloud regions:
au-syd(formerly known asap-south)eu-de(formerly known aseu-central)eu-gb(formerly known asuk-south)jp-tok(formerly known asap-north)us-southGlobal
All other regions require separate exemption management.
Do I have any exemptions?
To find out whether you have any exemptions in a particular region, set the region by running ibmcloud cr region-set and then run the ibmcloud cr exemption-list command.
How does this change affect me?
Beginning 31 January 2022, all regions will require separate exemption management. Any existing exemptions created before this date in the replicated regions are still present after this date. However, any changes from this date must be performed in each region where you want the change to take effect.