Scanning Docker images for vulnerabilities with OVHcloud Managed Private Registry

Find out how to scan Docker images for vulnerabilities with OVHcloud Managed Private Registry

Last updated 15th April 2022

OVHcloud Managed Private Registry service is a composite cloud-native registry which supports both container image management and Helm chart management.

This guide explains how to activate the vulnerability scanner and manually scan an image in an OVHcloud Managed Private Registry service.

Before you begin

This tutorial presupposes that you already have a working OVHcloud Managed Private Registry and you have followed the guides on creating a private registry, connecting to the UI, managing users and projects and creating and using private images.

You should have at least one image in your Private Registry:

Docker image in OVHcloud Managed Private Registry

Instructions

You can scan your images on your private registry by using the Harbor UI.

Check that you have enabled a vulnerability scanner

By default, to have a vulnerability scanner enabled when you create a Private Registry, you need to choose an M or L plan.

With the M and L plans, OVHcloud installs and maintains a vulnerability scanner for you: Trivy for Harbor version 2.x or Clair for Harbor version 1.x.

To verify if you have a vulnerability scanner in your private registry, go to Interrogation Services in the navigation bar.

Vulnerability scanner in OVHcloud Managed Private Registry

As you can see, Trivy is installed and ready to use.

If you want to add a vulnerability scanner manually, you can do so with New Scanner. However, it will not be updated and maintained by OVHcloud.

Scan a Docker image manually

You can manually scan a Docker image. To do that, access your project, select an image and click on Scan.

Scan Docker images in OVHcloud Managed Private Registry

The scanner starts scanning the image.

Scan Docker images in OVHcloud Managed Private Registry

The number of vulnerabilities is displayed.

Scan Docker images in OVHcloud Managed Private Registry

When you hover over the vulnerabilities column, a chart showing the vulnerabilities by severity is displayed.

Scan Docker images in OVHcloud Managed Private Registry

Click on the image ID to display all vulnerabilities, ranked by severity.

Scan Docker images in OVHcloud Managed Private Registry
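
The per-image counts shown in the UI can also be read from the Harbor API, for example to block a deployment on the scan result. The following Python code is an added example, not part of the OVHcloud guide: it builds the Harbor 2.x API URL for one image and turns the scan overview found in the response into a pass/fail decision. The registry host, project and image names and the sample response are constructed, and the severity ordering is an assumption.

```python
import json
from urllib.parse import quote

# Severity labels from lowest to highest (assumed Harbor ordering).
SEVERITIES = ["None", "Unknown", "Negligible", "Low", "Medium", "High", "Critical"]

def rank(label):
    # A label this script does not know is treated as the highest severity.
    return SEVERITIES.index(label) if label in SEVERITIES else len(SEVERITIES)

def artifact_url(registry, project, repository, reference):
    """Harbor 2.x API URL for one image, including its scan overview."""
    # Harbor expects a repository name containing "/" to be URL-encoded twice.
    repo = quote(quote(repository, safe=""), safe="")
    return (f"https://{registry}/api/v2.0/projects/{quote(project, safe='')}"
            f"/repositories/{repo}/artifacts/{quote(reference, safe='')}"
            "?with_scan_overview=true")

def scan_verdict(artifact, fail_at="High"):
    """Return (ok, reason) for an artifact document fetched from artifact_url()."""
    overview = artifact.get("scan_overview") or {}
    if not overview:
        return False, "image has never been scanned"  # fail closed
    report = next(iter(overview.values()))  # keyed by report MIME type
    if report.get("scan_status") != "Success":
        return False, f"scan not finished: {report.get('scan_status')}"
    summary = report.get("summary") or {}
    counts = summary.get("summary") or {}
    hits = sorted((s for s, n in counts.items() if n and rank(s) >= rank(fail_at)),
                  key=rank, reverse=True)
    if hits:
        return False, "blocking findings: " + ", ".join(f"{s}={counts[s]}" for s in hits)
    return True, f"{summary.get('total', 0)} findings, none at {fail_at} or above"

# Constructed sample response, not output from a real registry.
SAMPLE = json.loads("""
{"digest": "sha256:<placeholder>",
 "scan_overview": {"application/vnd.security.vulnerability.report; version=1.1": {
   "scan_status": "Success", "severity": "Critical",
   "summary": {"total": 18, "fixable": 9,
               "summary": {"Critical": 1, "High": 3, "Medium": 10, "Low": 4}}}}}
""")

if __name__ == "__main__":
    print(artifact_url("registry.example.invalid", "private", "team/hello-ovh", "1.0.0"))
    print(scan_verdict(SAMPLE))
```

An image that has never been scanned, or whose scan is still running, is reported as a failure rather than as clean.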

Scan all the images

You can also scan all your images manually in your private registry.

To do that, go to the Vulnerability tab and open Interrogation Services. Next, click on Scan Now.

Scan Docker images in OVHcloud Managed Private Registry

Scan all images regularly

You can schedule a scan:

  • hourly
  • daily
  • weekly
  • at a custom time (entered in cron format)

To do that, select the schedule and click on the Save button.

Scan Docker images in OVHcloud Managed Private Registry

Go further

To have an overview of OVHcloud Managed Private Registry service, you can consult the OVHcloud Managed Private Registry site.

Join our community of users on https://community.ovh.com/en/.

