Scan images in Alibaba Cloud Container Registry

Configure Prisma Cloud to scan your Alibaba Cloud Container Registry. First, create a service account, and then specify the scan parameters.

Create a service account

Create a service account so Prisma Cloud can access your registry. Prisma Cloud needs the
AliyunContainerRegistryReadOnly
permission policy to query, download, and scan the images in your registry.
  1. In Alibaba Cloud, create a RAM account.
    Go to
    RAM > Users
    , and click
    Create User
    .
  2. Click
    Add Permissions
    .
  3. Search for
    registry
    , and then select
    AliyunContainerRegistryReadOnly
    .

Scan images in Alibaba Cloud Container Registry

To scan a repository in Alibaba Cloud Container Registry, create a new registry scan setting.
Prerequisites:
  • You’ve installed a Container Defender somewhere in your environment.
  • You’ve already created an Alibaba Cloud Container Registry.
  • You have the service account credentials.
  1. Open Console, and go to 
    Defend > Vulnerabilities > Registry
    .