Docker discoveries

The Docker discoveries let you list the set of Docker images available from a registry, or pulled into an existing Docker deployment. The discovered Docker images can then be added to Cyberwatch with a grouped action for scanning.

Harbor registries

Prerequisites

Harbor registries discoveries need (one of the following):

  • A Harbor system administrator account to list the artifacts on all the projects
  • A robot account with permission to list the artifacts on all the projects
  • A guest account to list the artifacts only on public projects

To use the Harbor registry discovery, you need to add your Harbor registry as Docker Registry from the Stored credentials menu. You will then be able to add a Harbor registry discovery from the menu Discoveries, with clicking Add, then Harbor registry in the Docker images category. If the registry is properly configured, the discovery will list all the found Docker images.

On a Harbor registry, the Docker registry discovery will list all artifacts with a tag, and not just the images while the Harbor registry discovery allows to list all the images whether they have a tag or not.

Add the discovered Docker images

From the discovery assets list, you may see and filter the Docker images without any associated assets. To add them to Cyberwatch, pick the images you wish to scan and click Bulk actions > Scan as Docker images.

To scan an images, you will need a Docker engine. If you have not configured one yet, please refer to Add a Docker image.

Newly discovered Docker images can be automatically added to Cyberwatch as they are discovered. To enable this feature, you need to go to the discovery edition form and specify a Docker engine.

The registry is automatically selected based on the name of the discovered image. For instance, the image example.com/library/hello would automatically use the registry example.com, provided it has been added as a stored credential. New registries are automatically added as stored credentials, and you can manually edit them if they require authentication. You may in certain contexts select a preferred registry, but it will only be selected when the registry in the name of the discovered image matches the entry point of the registry.

Back to top