Scan images in Alibaba Cloud Container Registry
Configure Prisma Cloud to scan your Alibaba Cloud Container Registry.
First, create a service account, and then specify the scan parameters.
Create a service account
Create a service account so Prisma Cloud can access your registry.
Prisma Cloud needs the AliyunContainerRegistryReadOnly permission policy to query, download, and scan the images in your registry.
- In Alibaba Cloud, create a RAM account. Go to RAM > Users, and click Create User.
- Click Add Permissions.
- Search for registry, and then select AliyunContainerRegistryReadOnly.
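To confirm that the service account carries only the read-only policy named above, you can audit its attached policies. This is an added example, not part of the Prisma Cloud documentation; it assumes the JSON shape returned by the RAM ListPoliciesForUser API, and the sample responses are constructed.

```python
import json

# Policy the page says Prisma Cloud needs for registry scanning.
REQUIRED_POLICY = "AliyunContainerRegistryReadOnly"

# Constructed sample responses, in the shape the RAM ListPoliciesForUser API
# returns (e.g. from `aliyun ram ListPoliciesForUser --UserName <user>`).
SAMPLE_LEAST_PRIVILEGE = json.dumps({
    "Policies": {"Policy": [
        {"PolicyName": "AliyunContainerRegistryReadOnly", "PolicyType": "System"},
    ]}
})
SAMPLE_OVER_PRIVILEGED = json.dumps({
    "Policies": {"Policy": [
        {"PolicyName": "AliyunContainerRegistryReadOnly", "PolicyType": "System"},
        {"PolicyName": "AliyunContainerRegistryFullAccess", "PolicyType": "System"},
        {"PolicyName": "AdministratorAccess", "PolicyType": "System"},
    ]}
})


def audit_scan_account(list_policies_json: str) -> dict:
    """Compare a RAM user's attached policies with what the scanner needs."""
    doc = json.loads(list_policies_json)
    # Tolerate an empty or missing list: a user with no policies attached.
    policies = (doc.get("Policies") or {}).get("Policy") or []
    names = sorted(p.get("PolicyName", "") for p in policies)
    extra = [n for n in names if n != REQUIRED_POLICY]
    return {
        "has_required": REQUIRED_POLICY in names,
        "extra_policies": extra,  # anything here exceeds read-only registry access
        "least_privilege": REQUIRED_POLICY in names and not extra,
    }


if __name__ == "__main__":
    for label, sample in [("read-only", SAMPLE_LEAST_PRIVILEGE),
                          ("over-privileged", SAMPLE_OVER_PRIVILEGED)]:
        print(label, audit_scan_account(sample))
```

Policies the user inherits through RAM user groups do not appear in this response, so review group membership separately.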
Scan images in Alibaba Cloud Container Registry
To scan a repository in Alibaba Cloud Container Registry, create a new registry scan setting.
Prerequisites:
- You’ve installed a Container Defender somewhere in your environment.
- You’ve already created an Alibaba Cloud Container Registry.
- You have the service account credentials.
- Open Console, and go to Defend > Vulnerabilities > Registry.
- Click Add registry.
- In the Add New Registry Setting Specification dialog, enter the following values:
  - In the Version drop-down list, select Docker Registry v2.
  - In the Registry field, enter the Fully Qualified Domain Name (FQDN) for the registry. For example, registry-intl.cn-hangzhou.aliyuncs.com.
  - In the Repository field, enter the name of the repository to scan. Example: library/alpine.
  - In the Tag field, enter an image tag. Leave this field blank to scan all images, regardless of their tag.
  - In the Credential field, configure how Prisma Cloud authenticates with Alibaba Cloud Container Registry. Select a credential from the drop-down list. If there are no credentials in the list, click Add new, and create a Basic authentication credential with the service account username and password.
  - In the OS type field, specify whether the repo holds Linux or Windows images.
  - In Scanner, select Automatic. Console automatically selects an available Defender to execute the scan job. Alternatively, you can explicitly select a Defender from the drop-down list. Defenders are listed according to the hosts where they run. For more information, see deployment patterns.
  - In Number of scanners, enter the number of Defenders across which scan jobs can be distributed.
  - In Cap, limit the number of images to scan. Set Cap to 5 to scan the five most recent images, or enter another value to increase or decrease the limit. Set Cap to 0 to scan all images.
- Click Add.
- Click the yellow save button.
- Verify that the images in the repository are being scanned.
  - Go to Monitor > Vulnerabilities > Registry. A progress bar shows the status of the current scan. As the scan of each image is completed, its findings are added to the results table.
  - To get details about the vulnerabilities in an image, click on it. To force a specific repository to be scanned again, select it from the drop-down menu on the top right of the results table, then click the Scan button.