Purpose

The purpose of this document is to describe how to create access on Azure portal that can be configured in HIAB to discover and scan container images that resides in an Azure Container Registry.

Introduction

The Azure Portal is a single portal where applications can be accessed and managed in one place. Access on the Azure portal can be created so that it can be configured in HIAB to discover and scan container images that resides in an Azure Container Registry. 

Requirements

The current implementation of discovering and scanning an Azure container registry does NOT yet support Microsoft Azure RBAC model as described in the following Microsoft documentation https://docs.microsoft.com/en-us/azure/container-registry/container-registry-roles.

The only supported method is to configure and use admin access in the container registry as described in Microsoft documentation: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication#admin-account

Configuring Azure Container Registry

To run Container Inspection on an Azure container registry, the Azure registry must be configured to provide access that later can be configured on the Outpost24 HIAB.

  1. Enter Azure portal and open Container registries service.

    Container Registries

  2. Select the registry you want to enable Container Inspection for and click on it to open the specific registry information.

    Select Registry

  3. Click on the Access Keys entry in the Settings sub section to access the configuration and enable the Admin user to be reused later in the HIAB configuration.

    Access Keys

  4. Enable the Admin user by setting it to Enabled. This generates user/password access as follow:

    Admin User


Configuring HIAB

  1. To configure Azure registry access, open HIAB Portal from the HIAB Main Menu, by clicking on Portal entry.

    Main Menu

  2. In the HIAB Portal, click on your initials in the top right corner to display the configuration panel.

    HIAB Portal

  3. Then click on the Credentials block to open the Credentials configuration page, which allows you to create new Docker Credentials.
  4. Click on the green  Add credentials button on the bottom right corner to open the Add credentials panel..



  5. The Add Credentials panel allow you to create Docker credentials.

    Add Credentials

  6. Fill the empty field with all information from Azure portal as follow:

    Add Credentials


Note

Do not forget to add https:// in front of the Azure Login server field to obtain a valid URL

Scanning Azure Container Registries

The discovery and the scanning works as any other container inspection discovery or scanning. For example the discovery can be done as follows:

Scanning Azure Container Registries


Reference

  1. Microsoft documentation on Admin account for Azure container registry: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication#admin-account
  2. Microsoft Quickstart guide for Azure container registry: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal




Copyright

© 2021 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® in Sweden and other countries.