Skip to main content
Skip table of contents

Google Registries Scanning with Container Inspection


This document describes how to create access for Google Cloud Platform portal from a HIAB.


The Google Cloud Platform portal can be configured in HIAB to discover and scan container images that resides in a Google Container Registry.


To use Google API, you need to ensure that the Cloud API are enabled.

  1. Login to your Google Cloud Account open the left menu and select APIS & Services > Library entry.


  2. Enter Cloud Resource Manager API in the search bar.

    Cloud Resource Manager API

  3. Select the Cloud Resource Manager API to ensure it is enabled.

    Cloud Resource Manager API

Configuring Google Container Registry

To run Container Inspection on an Google container registry, the Google registry must be configured to provide access that later can be configured on the Outpost24 HIAB.

  1. Enter Google Cloud Platform console and open IAM & Admin > Service Accounts console by clicking on the entry on the top left menu.

  2. Create a service account with access to the Google Container Registry by clicking on the CREATE SERVICE ACCOUNT button on the top.

    Create Service Account

  3. Fill the different settings for the service account and then click on CREATE button.


  4. Grant access Container Registry access and then click DONE button.

    Container Registry

  5. Once the Service Account is created, create a Key as follow.


  6. Choose JSON format to generate the credentials and save them locally (they will be needed later on while configuring GCP credentials in OUTPOST24 software).

    Key Type JSON

  7. Once you have created the service account with JSON key type, you need to then create an authentication token as described in Google documentation here:
  8. You need to install gcloud client and then run the following command line by replacing:
  • the <ACCOUNT> with your account name with following format [USERNAME]@[PROJECT-ID] (this is the email parameter in the JSON key file)
  • the <KEY_FILE> with the JSON key file you created in previous step

Google gcloud command to generate an access token

gcloud auth activate-service-account <ACCOUNT> --key-file=<KEY_FILE>
gcloud auth print-access-token


Later on you will need to use the following parameter in OUTPOST24 software to configure Google Container Registry:

  • oauth2accesstoken as Username
  • as Docker Registry
  • the access token as Password


Example of the gcloud command output:

gcloud command output

gcloud command output

Example of the OUTPOST24 software configuration.


Example of a Docker Discovery scan.

Docker Discovery scan



© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.


Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.