Configuring registry scanning ensures that only verified and compliant images are deployed across your cloud environments. You can configure container registry scanning during the onboarding process for managed registries such as Amazon Elastic Container Registry (ECR), Azure Container Registry (ACR), Google Artifact Registry (GAR), and Oracle Cloud Infrastructure (OCI) Artifact Registry.
If an account is already onboarded, you can modify its configuration to enable registry scanning as an Additional Security Capability to scan images for vulnerabilities, malware, and secrets.
Prerequisite:
Ensure that you have performed all the steps up to Additional Security Capabilities, as listed in the onboarding wizard for the required CSP:
To configure registry scanning, do the following:
Under Additional Security Capabilities, select Registry Scanning, then click Edit Preferences.
In Initial Scan Configuration, set your scanning process to focus on recently added or modified container images and exclude older ones that do not align with your current scanning objectives. This setting helps avoid unnecessary scans. Choose one of the following options:
All: Scans all container images, including all versions (tags), in all discovered repositories.
Latest Tags: Scans only images tagged 'latest' in all discovered repositories.
Days Modified: Scans container images created or modified in the last few days. You can select a range of up to 90 days for the scan.
Select Save.
After you configure your container registries, the system automatically starts a new scan. The connection process can take up to 15 minutes. To check the status of the data connector and view the registry scan results, go to the Cloud Instances page and select the relevant Instance Name from the list.
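To see what each Initial Scan Configuration option would leave out before you choose one, the following added example (not part of the product or its documentation) approximates the three options over a constructed image inventory and lists the images that running workloads reference but the chosen scope would skip. The inventory, the in-use flag, and the function names are assumptions for illustration.

```python
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the sample is reproducible

# Constructed inventory: (repository, tag, last modified, referenced by a running workload)
INVENTORY = [
    ("shop/web", "latest", NOW - timedelta(days=2), True),
    ("shop/web", "1.4.2", NOW - timedelta(days=40), True),
    ("shop/api", "latest", NOW - timedelta(days=200), False),
    ("shop/api", "2.0.1", NOW - timedelta(days=120), True),
    ("batch/etl", "2023-11", NOW - timedelta(days=190), True),
    ("batch/etl", "dev", NOW - timedelta(days=5), False),
]

def in_scope(image, option, days=None):
    """Approximate the three options as the page describes them (not the product's logic)."""
    _repo, tag, modified, _in_use = image
    if option == "all":
        return True
    if option == "latest_tags":
        return tag == "latest"
    if option == "days_modified":
        # Upper bound of 90 is from the page; the lower bound of 1 is an assumption.
        if days is None or not 1 <= days <= 90:
            raise ValueError("Days Modified accepts a range of up to 90 days")
        return NOW - modified <= timedelta(days=days)
    raise ValueError(f"unknown option: {option}")

def coverage_gap(inventory, option, days=None):
    """Images that running workloads reference but the initial scan would skip."""
    return sorted(
        f"{image[0]}:{image[1]}"
        for image in inventory
        if image[3] and not in_scope(image, option, days)
    )

if __name__ == "__main__":
    for option, days in (("all", None), ("latest_tags", None),
                         ("days_modified", 30), ("days_modified", 90)):
        label = option if days is None else f"{option}({days})"
        print(f"{label:20} in use but unscanned: {coverage_gap(INVENTORY, option, days)}")
```

In this sample, Latest Tags skips every pinned version that workloads actually run, and even the 90-day maximum for Days Modified skips long-lived images that are still in use.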
Next Steps.
After the scan completes, you can view the scanned images on the Container Image page. For more details, see Container Image assets.
You can also modify your cloud instances to manage them effectively. For more details, see Managing Cloud Instances.