Scanning external image registries with the Vulnerability Advisor (VA)

You can scan external image registries with the VA.

Configuring the Vulnerability Advisor to scan an external image registry

Configure the Vulnerability Advisor to add, edit, and remove an external image registry to be scanned.

Prerequisite:

• Ensure the VA node can connect to the Registry you want to scan by running the following command:

    docker login $registry_addr -u $username -p $password
  

1. Add an external image registry with the following steps:

   1. Create an image pull secret that IBM Cloud Private Kubernetes can use to pull an image from the external image registry:

       kubectl -n kube-system create secret docker-registry $secret_name --docker-server=$registry_addr --docker-username=$username --docker-password=$password  --docker-email=$your_mail
      

   2. From the navigation menu in the VA user interface, click Tools > Vulnerability Advisor > kube-system > Registries.

   3. Click the Add New Registry button to open the Registry Configuration window.

   4. Enter the address of registry in Registry column.

   5. Select your registry type from the Type menu. Your options are dockerhub, artifactory, icp, or harbor.

   6. Enter the image pull secret name that you created.

   7. Define which images you want to scan by entering a scope string with regex format. Your scope string might resembele the following content:

       ".*"   means scan all images in the registry
       "^library"  means only scan images under path library/ in the registry
       "^library/va-crawler"  means only scan image `va-crawler` under path library/ in the registry
      

   8. Select True or False from the Enable menu to enable scanning on your external registry.

   9. Save the configuration by clicking the Save button.

      An external image registry is added.

2. Edit your external image registry with the following steps:

   1. Select an existing registry from the Select a registry drop-down menu.

   2. Edit your registry by clicking the Edit Selected Registry button.

   3. Click the Save button after you edit your configuration.

      Your external image registry is edited.

3. Remove an external image registry with the following steps:

   1. Select an existing registry from the Select a registry drop-down menu.

   2. Edit your registry by clicking the Edit Selected Registry button.

   3. Remove your configuration by clicking the Delete button.

      Your external image registry is removed.

The Vulnerability Advisor is configured to scan external image registries.