Scanning image registries with the Vulnerability Advisor (VA)

You can scan image registries with the VA.

Configuring the Vulnerability Advisor to scan an image registry

Configure the Vulnerability Advisor to add, edit, and remove an image registry to be scanned.

Prerequisite:

• Ensure the VA node can connect to the Registry you want to scan by running the following command:

    docker login $registry_addr -u $username -p $password
  

• Add an image registry with the following steps:

  1. Create an image pull secret that IBM Cloud Private Kubernetes can use to pull an image from the image registry:

      kubectl -n kube-system create secret docker-registry $secret_name --docker-server=$registry_addr --docker-username=$username --docker-password=$password  --docker-email=$your_mail
     

  2. From the navigation menu in the VA user interface, click Tools > Vulnerability Advisor > kube-system > Registries.

  3. Click the Add New Registry button to open the Registry Configuration window.

  4. Enter the address of registry in Registry column.

  5. Select your registry type from the Type menu. Your options are dockerhub, artifactory, icp, harbor, or openshift.

  6. Enter the image pull secret name that you created.

  7. Define which images you want to scan by entering a scope string with regex format. Your scope string might resembele the following content:

      ".*"   means scan all images in the registry
      "^library"  means only scan images under path library/ in the registry
      "^library/va-crawler"  means only scan image `va-crawler` under path library/ in the registry
     

  8. Select True or False from the Enable menu to enable scanning on your registry.

  9. Save the configuration by clicking the Save button.

     An image registry is added.

• Edit your image registry with the following steps:

  1. Select an existing registry from the Select a registry drop-down menu.

  2. Edit your registry by clicking the Edit Selected Registry button.

  3. Click the Save button after you edit your configuration.

     Your image registry is edited.

• Remove an image registry with the following steps:

  1. Select an existing registry from the Select a registry drop-down menu.

  2. Edit your registry by clicking the Edit Selected Registry button.

  3. Remove your configuration by clicking the Delete button.

     Your image registry is removed.

The Vulnerability Advisor is configured to scan image registries.