Some examples of this would be to generate a policy of exclusions from an image that is already known as compliant.
Example:
grant policy --exclude image:base:latest
^ This would generate a policy that has exceptions for the packages and their license associations in the base image.
When a user goes to use grant against a production image built with the above they will know they are only keying on licenses introduced during a build process. The grant policy would exclude licenses/packages from the base image
Some examples of this would be to generate a policy of exclusions from an image that is already known as compliant.
Example:
^ This would generate a policy that has exceptions for the packages and their license associations in the base image.
When a user goes to use grant against a production image built with the above they will know they are only keying on licenses introduced during a build process. The grant policy would exclude licenses/packages from the base image