[QuickStart.md] Error when running deploy-model-training-pipeline due to container security #37

Open
yvonnebarthp opened this issue Jul 4, 2022 · 1 comment
yvonnebarthp commented Jul 4, 2022

When running the deploy-model-training-pipeline.yml [QuickStart.md - Step "Inner Loop: Deploying Classical ML Model Development / Moving to Test Environment"] in DevOps I receive the following container security error:

##[warning]cv/aml-cli-v2/data-science/environment/Dockerfile - Container usage from external registry 'nvcr.io' found.
##[error]Container security analysis found 1 violations. This repo has one or more docker files having references to images from external registries. Please review https://aka.ms/containers-security-guidance to remove the reference of container images from external registries. Please reach out via teams (https://aka.ms/cssc-teams) or email ([email protected]) for any questions or clarifications.

I assume the problem is either this docker image here:
https://github.com/Azure/mlops-project-template/blob/62cd04cb283fb46580558e17117ed701f90dfcbe/classical/aml-cli-v2/mlops/azureml/train/train-env.yml#L3

Or this docker image:
https://github.com/Azure/mlops-project-template/blob/62cd04cb283fb46580558e17117ed701f90dfcbe/cv/aml-cli-v2/data-science/environment/Dockerfile#L2

@setuc setuc self-assigned this Aug 15, 2022
@setuc setuc added 📑 documentation Improvements or additions to documentation wontfix This will not be worked on labels Aug 15, 2022
Contributor

setuc commented Aug 15, 2022

Hi @yvonnebarthp
This is a known issue. This was a deliberate example to demonstrate to the users that you can use 3rd party repositories to build your containers. We also wanted to show that steps can be injected at an organization level to prevent 3rd party repos from being used, similar to the ones that we have. Hence this docker container works as a dual example to showcase the use of 3rd party repositories and also to prevent usage when needed.

I believe that we can better address this in the documentation and make it clear for the users.
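
The kind of check discussed in this thread, sketched as an added example (not code from the template repository and not the organization's actual container security analysis): it reads the `FROM` lines of a Dockerfile and reports base images pulled from registries outside an allow-list. The allow-list contents, the function names and the sample Dockerfile are assumptions made for illustration.

```python
import re
import sys

# Assumption: registries this organization trusts (illustrative value only).
ALLOWED_REGISTRIES = {"mcr.microsoft.com"}

# FROM [--flag=value ...] <image> [AS <stage>]
FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.IGNORECASE)

def registry_of(image):
    """Return the registry host of an image reference using Docker's naming rule."""
    first, sep, _ = image.partition("/")
    # The first path component is a registry only if it looks like a host name.
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return "docker.io"  # implicit default when no registry is given

def find_violations(dockerfile_text, allowed=ALLOWED_REGISTRIES):
    """Return (line number, image, registry) for each base image outside the allow-list."""
    stages = set()      # names of earlier build stages, which are not registry pulls
    violations = []
    for lineno, line in enumerate(dockerfile_text.splitlines(), 1):
        match = FROM_RE.match(line)
        if not match:
            continue
        image, alias = match.group(1), match.group(2)
        if "$" in image:
            # ARG-substituted image: cannot be resolved statically, so fail closed.
            violations.append((lineno, image, "<unresolved>"))
        elif image.lower() != "scratch" and image.lower() not in stages:
            registry = registry_of(image)
            if registry not in allowed:
                violations.append((lineno, image, registry))
        if alias:
            stages.add(alias.lower())
    return violations

# Constructed sample Dockerfile; image names and tags are placeholders.
SAMPLE = """# constructed sample
FROM nvcr.io/example/base:1.0 AS build
RUN echo hi
FROM --platform=linux/amd64 mcr.microsoft.com/example/runtime:1.0 AS runtime
FROM build AS final
FROM ${BASE}
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    found = find_violations(text)
    for lineno, image, registry in found:
        print(f"line {lineno}: {image} uses registry '{registry}'")
    sys.exit(1 if found else 0)
```

Run as a pipeline step, the non-zero exit code fails the build when a Dockerfile references a registry outside the allow-list, which is the behaviour the error message in this issue reports.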
