Trigger registry scans with webhooks
You can use webhooks to trigger a scan when images in your registry’s repositories are added or updated.
Prisma Cloud supports webhooks for Docker Hub, Docker Registry, and Azure Registry.
Prisma Cloud requires Docker Registry 2.4 or later.
Google Container Registry and Amazon EC2 Container Registry do not currently support webhooks.
For Docker Hub, you must have Automated Builds enabled for your repository. Docker Hub webhooks are called when an image is built or a new tag is added to your automated build repository.
For Docker Private Registry, webhooks are called when manifests are pushed or pulled, and layers are pushed or pulled. Prisma Cloud scans images in response to layer push events.
For Azure Registry, you can configure webhooks for your container registry that generate events when certain actions are performed against it. See Azure’s documentation for more information.
The benefit of webhook-initiated scans is that they are triggered as soon as images change, but support is limited to Docker Hub, Docker Registry, and Azure Registry. Prisma Cloud also supports scheduled registry scans, which cover almost all registry types, including Google Container Registry and Amazon EC2 Container Registry.
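The Docker Private Registry behaviour described above, as an added example (not Prisma Cloud's code): a receiver that picks the layer push events out of a registry notification body and ignores pulls and manifest events. It assumes the Docker Registry notification envelope (an `events` list whose entries carry `action` and `target`); the sample body, host name, repositories, digests and the function name `repos_with_layer_push` are constructed for illustration.

```python
import json
import re

# Registry v2 API path of a blob (layer): /v2/<repository>/blobs/<digest>
BLOB_URL = re.compile(r"/v2/(?P<repo>.+)/blobs/sha256:[0-9a-f]{64}$")

def _event(action, repo, kind, ch):
    # Constructed sample event; host, repositories and digests are made up.
    digest = "sha256:" + ch * 64
    url = f"https://registry.example.internal/v2/{repo}/{kind}/{digest}"
    return {"action": action,
            "target": {"repository": repo, "digest": digest, "url": url}}

SAMPLE_BODY = json.dumps({"events": [
    _event("pull", "team/api", "blobs", "a"),      # layer pull: ignored
    _event("push", "team/api", "manifests", "b"),  # manifest push: ignored
    _event("push", "team/api", "blobs", "c"),      # layer push: counts
    _event("push", "team/api", "blobs", "d"),      # second layer, same repo
    _event("push", "team/web", "blobs", "e"),      # layer push: counts
]})

def repos_with_layer_push(body):
    """Return repositories that saw at least one layer push, first-seen order."""
    try:
        events = json.loads(body).get("events", [])
    except (ValueError, AttributeError):
        return []  # not JSON, or not a JSON object
    if not isinstance(events, list):
        return []
    repos = []
    for ev in events:
        target = ev.get("target") if isinstance(ev, dict) else None
        if not isinstance(target, dict) or ev.get("action") != "push":
            continue
        m = BLOB_URL.search(str(target.get("url", "")))
        # Require the URL path to agree with the declared repository field.
        if m and m["repo"] == target.get("repository") and m["repo"] not in repos:
            repos.append(m["repo"])
    return repos

if __name__ == "__main__":
    print(repos_with_layer_push(SAMPLE_BODY))
```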
Securing Console’s management port
Webhooks call the Prisma Cloud API on Console’s management ports over either HTTP or HTTPS.
Although it is convenient to test webhooks with HTTP, we strongly recommend that you set up webhooks to ca