Scan images on Artifactory Docker Registry

Artifactory is a service for hosting and distributing container images. Artifactory lets you segment the service by repository key, so that you can allocate dedicated registries per project, team, or any other facet. Repositories can be accessed with the Docker client. A repository is a collection of related images, versioned by tag.
Artifactory lets you configure how images in the repository are accessed with a setting called the Docker Access Method. Prisma Cloud supports the subdomain method and the repository method. The port method is not supported.
In the subdomain model, the repository is accessed through a reverse proxy. Each Docker repository is individually addressed by a unique value, known as the repository key, positioned in subdomain of the registry’s URL.
$ docker {pull|push} <REPOSITORY_KEY><IMAGE>:<TAG>
In the repository path model, each repository can be directly addressed. The repository key is part of the path to the image repo.
$ docker {pull|push}<REPOSITORY_KEY>/<IMAGE>:<TAG>
Artifactory recommends that the subdomain method be used for production environments. The repository model is suitable for small test setups and proof of concepts.

Configuring Prisma Cloud to scan images in your registry

To scan images in a JFrog Artifactory Docker registry (on-prem/self-hosted version only), create a new registry scan setting. You have a couple of options for setting up your scan on Prisma Cloud:
1) Autodiscover and scan all images in all repos across the Artifactory service for versions of Artifactory greater than or equal to 6.2.0. In the registry scan settings, set the version to
JFrog Artifactory
and set the registry address to your reverse proxy.
JFrog Cloud is not supported.
2) Scan all repositories under a repository key for the subdomain method. Repository keys effectively subdivide the Artifactory service into stand-alone fully-compliant Docker v2 registries. In the registry scan settings, set the version to
Docker Registry v2
, and set the registry address to the full path to the "sub-registry". For example: https://<REPOSITORY_KEY>
You have installed a Defender somewhere in your environment.

Last downloaded date

JFrog Artifactory lets security tools download image artifacts without impacting the value for the
Last Downloaded
date. This is especially important when you depend on artifact metadata for purge/clean-up policies.
The Prisma Clou