In your JFrog Platform instance, go to Administration > Xray > Watches & Policies.
Click Create a Policy.
Name the security policy High-Severity.
Click on New Rule.
Name the rule High-Severity and select High for the Minimal Severity. Click Save.
Click Create to create this new security policy.
Click on the Watches tab under Watches & Policies.
Click on Set up a Watch.
Name the new watch Docker-Scanning.
Click Add Repositories.
Move the repositories workshop-docker-local and workshop-docker-prod-local to the Included Repositories.
Click Manage Policies.
Move the High-Severity policy to the Included Policy.
Click Create to create the new watch. This watch will scan the workshop-docker-local and workshop-docker-prod-local Docker repositories for new images and check for high-severity security vulnerabilities.
JFrog Xray scans your artifacts, builds and release bundles for OSS components, and detects security vulnerabilities and licenses in your software components. Policies and Watches allow you to enforce your organization's governance standards. Set up your Policies and Watches to reflect standard governance behaviour specifications for your organization across your software components.
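The same policy and watch can be kept as code and checked for drift. The script below is an added example, not part of the workshop: it builds the two definitions from the steps above and reports what an existing watch definition is missing. The payload layout and the `/xray/api/v2/policies` and `/xray/api/v2/watches` paths are assumed from the Xray REST API v2 and should be checked against your Xray version; the environment variable names `JFROG_URL` and `JFROG_TOKEN` and the empty `actions` block are hypothetical choices made for this example.

```python
import json, os, urllib.request

REPOS = ["workshop-docker-local", "workshop-docker-prod-local"]

def policy_payload(name="High-Severity", min_severity="High"):
    """Security policy with a single rule, mirroring the policy steps above."""
    rule = {"name": name, "priority": 1,
            "criteria": {"min_severity": min_severity},
            "actions": {}}  # assumption: no actions, violations are only recorded
    return {"name": name, "type": "security", "rules": [rule]}

def watch_payload(name="Docker-Scanning", repos=REPOS, policy="High-Severity"):
    """Watch over the given repositories with one assigned security policy."""
    resources = [{"type": "repository", "bin_mgr_id": "default", "name": r}
                 for r in repos]
    return {"general_data": {"name": name, "active": True},
            "project_resources": {"resources": resources},
            "assigned_policies": [{"name": policy, "type": "security"}]}

def watch_gaps(watch, required_repos=REPOS, required_policy="High-Severity"):
    """List what a watch definition lacks compared with the intended setup."""
    resources = watch.get("project_resources", {}).get("resources", [])
    covered = {r.get("name") for r in resources if r.get("type") == "repository"}
    assigned = {p.get("name") for p in watch.get("assigned_policies", [])}
    gaps = [f"repository not watched: {r}" for r in required_repos
            if r not in covered]
    if required_policy not in assigned:
        gaps.append(f"policy not assigned: {required_policy}")
    if not watch.get("general_data", {}).get("active", False):
        gaps.append("watch is inactive")
    return gaps

def post(base_url, token, path, payload):
    """POST a JSON payload to the platform and return the HTTP status."""
    req = urllib.request.Request(
        base_url.rstrip("/") + path, data=json.dumps(payload).encode(),
        method="POST", headers={"Authorization": f"Bearer {token}",
                                "Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return resp.status

if __name__ == "__main__":
    base, token = os.environ.get("JFROG_URL"), os.environ.get("JFROG_TOKEN")
    if base and token:  # create the policy first, the watch refers to it by name
        post(base, token, "/xray/api/v2/policies", policy_payload())
        post(base, token, "/xray/api/v2/watches", watch_payload())
    else:  # offline: print the definitions for review
        print(json.dumps([policy_payload(), watch_payload()], indent=2))
```

Run `watch_gaps` against a watch definition exported from your instance to confirm that both workshop repositories are still covered and the policy is still attached.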