Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

About Container Image Control Policies

Container Image Control policies allow you to specify which containers are allowed to run on your infrastructure. These containers can run on Virtual Machines or clusters. Policies are enforced at the VM level.

The user activities reported by the Container Image Control policy are displayed on the Activities page. 

  • In Observe Mode, user activities generate events if a disallowed container runs on the VM.
  • In Enforce Mode, user activities generate events, and containers that are not allowed are also terminated and blocked. 

Container Image Control policies are supported for:

  • AWS
  • Microsoft Azure
  • Google Cloud Platform


The Container Image Control page is located at Policy > Container Image Control


The Container Image Control page provides the following information and actions:

  • Search. Search via the Omnibar
  • Filters. Select options on the Filters tab to scope down your search. 
  • Actions. 
    • Create Policy. 
    • Activate Policy. Select the checkbox for a policy and click Actions > Activate Policy
    • Deactivate Policy. Select the checkbox for a policy and click Actions > Deactivate Policy. Then click Deactivate Policy to confirm.
    • Delete Policy. Select the checkbox for a policy and click Actions > Delete Policy. Then click Delete Policy to confirm. 
    • Settings
  • Policy Name. Displays the name of the policy. Click the link to edit the policy. 
  • Status. Displays the status of the policy: active or inactive. 
  • Policy Mode. Displays the mode of the policy: observe or enforce. 
  • Platform. Displays the platform the policy applies to. 
  • Last Updated. Displays the date and time that the policy was last updated. 
  • Last Updated By. Displays the username that last updated the policy. 
  • Was this article helpful?