Container Inspection - Azure
Purpose
This document describes how to create access in the Azure portal that can be configured in HIAB to discover and scan container images that reside in an Azure Container Registry.
Introduction
The Azure Portal is a single portal where applications can be accessed and managed in one place. Access can be created in the Azure portal and then configured in HIAB to discover and scan container images that reside in an Azure Container Registry.
Requirements
The current implementation of discovering and scanning an Azure container registry does NOT yet support the Microsoft Azure RBAC model described in the following Microsoft documentation: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-roles
The only supported method is to configure and use admin access in the container registry, as described in the Microsoft documentation: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication#admin-account
Configuring Azure Container Registry
To run Container Inspection on an Azure container registry, the registry must be configured to provide access that can later be configured on the Outpost24 HIAB.
- Open the Azure portal and open the Container registries service.
- Select the registry you want to enable Container Inspection for and click on it to open the specific registry information.
- Click on the Access Keys entry in the Settings subsection to access the configuration, where the Admin user can be enabled and later reused in the HIAB configuration.
- Enable the Admin user by setting it to Enabled. This generates user/password access as follows:
Configuring HIAB
- To configure Azure registry access, open the HIAB Portal from the HIAB Main Menu by clicking on the Portal entry.
- In the HIAB Portal, click on your initials in the top right corner to display the configuration panel.
- Then click on the Credentials block to open the Credentials configuration page, which allows you to create new Docker Credentials.
- Click on the green Add credentials button in the bottom right corner to open the Add credentials panel.
- The Add Credentials panel allows you to create Docker credentials.
- Fill in the empty fields with the information from the Azure portal as follows:
Note
Do not forget to add https:// in front of the Azure Login server field to obtain a valid URL.
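The following pre-check is an added example, not Outpost24 or Microsoft code. It turns the Login server value from the Access Keys page into the https:// URL the note above asks for, and tests the Admin user against the registry before the values are saved in HIAB. It assumes the registry accepts the admin username and password as HTTP Basic authentication on the Docker Registry v2 endpoint /v2/; the function names and the sample host name are constructed for illustration.

```python
import base64
import urllib.error
import urllib.request
from urllib.parse import urlsplit


def registry_url(login_server: str) -> str:
    """Turn the portal's 'Login server' value into the https:// URL HIAB needs."""
    value = login_server.strip()
    if "://" not in value:
        value = "https://" + value  # the prefix the note says not to forget
    parts = urlsplit(value)
    if parts.scheme != "https":
        raise ValueError("registry URL must use https://")
    if (not parts.hostname or parts.username
            or parts.path not in ("", "/") or parts.query):
        raise ValueError("expected a bare host name such as example.azurecr.io")
    return "https://" + parts.netloc.lower()


def check_admin_login(login_server, username, password,
                      opener=urllib.request.urlopen):
    """Return True if the registry accepts the Admin user, False on HTTP 401.

    Assumption: admin credentials are accepted as HTTP Basic auth on /v2/.
    `opener` is injectable so the check can be exercised without a network.
    """
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    request = urllib.request.Request(
        registry_url(login_server) + "/v2/",
        headers={"Authorization": "Basic " + token},
    )
    try:
        with opener(request, timeout=10) as response:
            return response.status == 200
    except urllib.error.HTTPError as err:
        if err.code == 401:  # wrong password, or Admin user not enabled
            return False
        raise  # anything else (DNS, TLS, 5xx) is not a credential problem


if __name__ == "__main__":
    # Constructed sample value, not a real registry.
    print(registry_url("ExampleRegistry.azurecr.io"))
```

A False result points at the Access Keys page (Admin user disabled or password regenerated) rather than at the HIAB configuration.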
Scanning Azure Container Registries
Discovery and scanning work like any other Container Inspection discovery or scan. For example, the discovery can be done as follows:
Reference
- Microsoft documentation on Admin account for Azure container registry: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-authentication#admin-account
- Microsoft Quickstart guide for Azure container registry: https://docs.microsoft.com/en-us/azure/container-registry/container-registry-get-started-portal
Copyright
© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.
Trademark
Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.