Policy Enforcement

The container ecosystem introduces a number of new dimensions that must factor into your security policies for protecting your applications.

The StackRox platform analyzes data across images, container runtimes, orchestrator settings, CIS benchmark scans, network policies, secrets, and container configurations to define multi-factor policies for your container environment. You can use StackRox to automatically prevent high-risk services from ever being deployed.

A technology company providing a SaaS offering runs its containers and StackRox on a major public cloud platform. To protect the sensitive data of its own clients, the company relies on StackRox to enforce both industry best practices and its own company-developed policies across its container environment.


Leverage out-of-the-box policies

StackRox provides deployment policies that combine multiple factors to reduce your container attack surface, such as vulnerabilities that meet a CVSS score threshold, configurations such as open ports, and packages and tools that attackers can use at runtime.

Build a complete picture

Define custom policies

StackRox lets you build your own multi-factor policies that combine industry-standard and enterprise-specific information. Policies also allow you to specify the criticality of alerts, custom metadata, and whether StackRox should automatically take responsive action when violations are detected.

Generate summary reports

Take action on violations

With StackRox, you can configure a range of responses when threats are detected or policy violations occur, including failing a CI build, sending alert notifications to your existing SIEM or incident management systems, blocking deployment of new services, and killing running containers.