import { ResourceValidationPolicy } from "@pulumi/policy";
declare namespace Repository {
    /**
     * Checks that ECR repositories use a customer-managed KMS key.
     *
     * @severity low
     * @frameworks hitrust, iso27001, pcidss
     * @topics container, encryption, storage
     * @link https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html
     */
    const configureCustomerManagedKey: ResourceValidationPolicy;
    /**
     * Checks that ECR repositories have 'scan-on-push' configured.
     *
     * @severity high
     * @frameworks hitrust, iso27001, pcidss
     * @topics container, vulnerability
     * @link https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html
     */
    const configureImageScan: ResourceValidationPolicy;
    /**
     * Checks that ECR Repositories have immutable images enabled.
     *
     * @severity high
     * @frameworks hitrust, iso27001, pcidss
     * @topics container
     * @link https://sysdig.com/blog/toctou-tag-mutability/
     */
    const disallowMutableImage: ResourceValidationPolicy;
    /**
     * Checks that ECR Repositories are encrypted.
     *
     * @severity high
     * @frameworks hitrust, iso27001, pcidss
     * @topics container, encryption, storage
     * @link https://docs.aws.amazon.com/AmazonECR/latest/userguide/encryption-at-rest.html
     */
    const disallowUnencryptedRepository: ResourceValidationPolicy;
    /**
     * Checks that ECR repositories have 'scan-on-push' enabled.
     *
     * @severity high
     * @frameworks hitrust, iso27001, pcidss
     * @topics container, vulnerability
     * @link https://docs.aws.amazon.com/AmazonECR/latest/userguide/image-scanning.html
     */
    const enableImageScan: ResourceValidationPolicy;
}
export { Repository };
