Google Registries Scanning with Container Inspection
This document describes how to set up access to the Google Cloud Platform portal from a HIAB.
The Google Cloud Platform portal can be configured in HIAB to discover and scan container images that reside in a Google Container Registry.
To use the Google API, you need to ensure that the Cloud APIs are enabled.
Log in to your Google Cloud account, open the left menu, and select the APIs & Services > Library entry.
- Enter Cloud Resource Manager API in the search bar.
- Select the Cloud Resource Manager API to ensure it is enabled.
- Enter the Google Cloud Platform console and open the IAM & Admin > Service Accounts console by clicking the entry in the top-left menu.
- Create a service account with access to the Google Container Registry by clicking the CREATE SERVICE ACCOUNT button at the top.
- Fill in the settings for the service account and then click the CREATE button.
- Grant Container Registry access and then click the DONE button.
- Once the Service Account is created, create a Key as follows.
- Choose JSON format to generate the credentials and save them locally (they will be needed later on while configuring GCP credentials in the OUTPOST24 software).
- Once you have created the service account with a JSON key, you then need to create an authentication token as described in the Google documentation here: https://cloud.google.com/container-registry/docs/advanced-authentication#token
- You need to install the gcloud client and then run the following commands, replacing:
  - <ACCOUNT> with your account name, in the format [USERNAME]@[PROJECT-ID].iam.gserviceaccount.com (this is the email parameter in the JSON key file)
  - <KEY_FILE> with the JSON key file you created in the previous step
Google gcloud commands to generate an access token:
gcloud auth activate-service-account <ACCOUNT> --key-file=<KEY_FILE>
gcloud auth print-access-token
Later on you will need to use the following parameters in the OUTPOST24 software to configure the Google Container Registry:
- oauth2accesstoken as Username
- https://eu.gcr.io as Docker Registry
- the access token as Password
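The JSON key file from the steps above can be checked before the gcloud commands are run. The following is an added example, not part of the Outpost24 documentation: a shell preflight that confirms the file is a service-account key, reads <ACCOUNT> from its `client_email` field, and rejects a key file that group or other users can access. The function names and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Preflight for the service-account JSON key used in the gcloud step.
# Function names and the sample key are constructed for this example.

# Print the client_email field of a JSON key file (the <ACCOUNT> value).
key_account() {
    sed -n 's/.*"client_email"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Return 0 only if the file is a service-account key, the account has the
# [USERNAME]@[PROJECT-ID].iam.gserviceaccount.com form, and no permission
# bit is set for group or others. Return codes 1-4 name the failed check.
check_key_file() {
    [ -f "$1" ] || { echo "missing key file: $1" >&2; return 1; }
    grep -q '"type"[[:space:]]*:[[:space:]]*"service_account"' "$1" \
        || { echo "not a service account key" >&2; return 2; }
    case "$(key_account "$1")" in
        ?*@?*.iam.gserviceaccount.com) ;;
        *) echo "unexpected client_email" >&2; return 3 ;;
    esac
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] \
        || { echo "key file open to group/others; run chmod 600" >&2; return 4; }
}

# Print the two commands from this page with the placeholders filled in.
# Nothing is executed, so the output can be reviewed first.
token_commands() {
    check_key_file "$1" || return $?
    printf 'gcloud auth activate-service-account %s --key-file=%s\n' \
        "$(key_account "$1")" "$1"
    printf 'gcloud auth print-access-token\n'
}

# Write a constructed sample key (not a real credential) for a dry run.
make_sample_key() {
    cat > "$1" <<'EOF'
{
  "type": "service_account",
  "project_id": "example-project",
  "private_key_id": "constructed-for-illustration",
  "client_email": "hiab-scanner@example-project.iam.gserviceaccount.com"
}
EOF
}
```

The JSON key is the long-lived secret in this setup, while the access token entered as Password is short-lived, so the key file is the item to protect on disk and to delete once it is no longer needed.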
Example of the gcloud command output:
Example of the OUTPOST24 software configuration.
Example of a Docker Discovery scan.
© 2023 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.