We have AKS and are using images from our private ACR and Docker Hub images. We could see that default security policies are applied to the subscription, and they are giving high security vulnerability recommendations for the trusted images. Upon checking, we noticed that the allowed container images regex is pointing to the default regex ^(.+){0}$.
Will this be the reason for these alerts? How can we make only certain ACR and Docker Hub images secure by modifying the regex?
This seems to work for multiple registries:
^(docker\.io|quay\.io|k8s\.gcr\.io|[^\/]+\.azurecr\.io).*$
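An added example, not part of the original posts: a Python check that runs the default pattern, the pattern from the answer, and a stricter variant over constructed image references, to show which images each pattern accepts. The stricter pattern, the sample image names, and the use of Python's `re` module in place of the policy's own regex engine are assumptions.

```python
import re

# Patterns quoted in the thread above.
DEFAULT_PATTERN = r"^(.+){0}$"
ANSWER_PATTERN = r"^(docker\.io|quay\.io|k8s\.gcr\.io|[^\/]+\.azurecr\.io).*$"
# Assumption (not from the thread): require "/" directly after the registry
# host, so a host that merely starts with an allowed name is rejected.
STRICT_PATTERN = r"^(docker\.io|quay\.io|k8s\.gcr\.io|[^\/]+\.azurecr\.io)\/.+$"

# Constructed sample image references, written as they would appear in a pod spec.
SAMPLES = [
    "myregistry.azurecr.io/app/api:1.4.2",       # private ACR
    "docker.io/library/nginx:1.25",              # fully qualified Docker Hub
    "nginx:1.25",                                # short name, no registry host
    "ghcr.io/example/tool:latest",               # registry not on the list
    "docker.io.example.net/library/nginx:1.25",  # host only starts with docker.io
    "myregistry.azurecr.io.example.net/app:1",   # host only contains .azurecr.io
]


def allowed(pattern, image):
    """True when the image reference satisfies the allow-list pattern."""
    return re.match(pattern, image) is not None


def evaluate(pattern, images=SAMPLES):
    """Map each image reference to the pattern's verdict."""
    return {image: allowed(pattern, image) for image in images}


def flagged(pattern, images=SAMPLES):
    """Images the policy would report as non-compliant under this pattern."""
    return [image for image, ok in evaluate(pattern, images).items() if not ok]


if __name__ == "__main__":
    for name, pattern in [("default", DEFAULT_PATTERN),
                          ("answer", ANSWER_PATTERN),
                          ("strict", STRICT_PATTERN)]:
        print(f"{name}: {pattern}")
        for image, ok in evaluate(pattern).items():
            print(f"  {'allow' if ok else 'FLAG '}  {image}")
```

The default pattern matches only the empty string, so every image is flagged. Short names such as `nginx:1.25` are flagged by both of the other patterns, so pod specs need the fully qualified `docker.io/...` form.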