GitHub Container Registry

Follow the steps below to add a GitHub Container Registry and scan it.

Providing Registry Information

  1. Download the Registry sensor (Sensor version 1.32 or later). Go to Configurations > Sensors > Download Sensor and pick Registry. Select the environment where you want to deploy the sensor and follow the installation instructions on the screen. Ensure the registry sensor is in the Running state and continue to the next step.
  2. Go to Assets > Registries > New Registry to add your registry and set up a scanning schedule.
  3. Provide the following information:
    • Registry Type: Choose GitHub Container Registry as the registry type.
    • URL: By default, the https://ghcr.io URL is auto-selected for this registry.
    • Authentication: Enter the credentials used to connect to your registry. You can provide personal, organizational, or enterprise account credentials. Use a GitHub classic personal access token that has at least the read:packages permission on the registries.

  4. After adding registry information, click Next to enter scan settings.
  5. On the Scan Settings page, choose to scan immediately (On Demand) or on an ongoing basis (Automatic).

Providing Scan Settings

Scan settings vary with your account type.

If you are using a Personal account,

  1. Provide registry information as mentioned in Providing Registry Information.
  2. On the Scan Settings page, choose to scan immediately (On Demand) or on an ongoing basis (Automatic).
  3. Provide the repository name in <user_name>/<repository_name> format.
  4. Provide the filter type and image tags. Click Add.
  5. (Optional) Select the Scan all images checkbox to scan all images.
  6. Click Launch to launch the new GHCR registry schedule.

If you are using an Organization or Enterprise account,

  1. Provide registry information as mentioned in Providing Registry Information.
  2. On the Scan Settings page, choose to scan immediately (On Demand) or on an ongoing basis (Automatic).
  3. Select the This is an Organization Account checkbox and provide an organization name.
  4. Enter the repository name in <organization_name>/<repository_name> format.
  5. Provide the filter type and image tags. Click Add.
  6. (Optional) Select the Scan all images checkbox to scan all images.
  7. Click Launch to launch the new GHCR registry schedule.

The scan job gets scheduled using the selected settings.
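
A pre-flight check for the values the Authentication field and the repository name steps ask for (a classic token with read:packages, a repository in <owner>/<repository_name> format), as an added example that is not part of the product or of the original page. It assumes you have already read the X-OAuth-Scopes response header from an authenticated GitHub API call made with the token; the function names, the naming pattern and the sample values are assumptions.

```python
import re

REQUIRED_SCOPE = "read:packages"
# Approximation of GitHub owner and repository naming rules (assumption).
REPO_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9-]{0,38}/[A-Za-z0-9._-]+")


def token_kind(token):
    """Classify a token by GitHub's prefixes: ghp_ (classic), github_pat_ (fine-grained)."""
    if token.startswith("github_pat_"):
        return "fine-grained"
    if token.startswith("ghp_"):
        return "classic"
    return "unknown"


def parse_scopes(header_value):
    """Split an X-OAuth-Scopes value such as 'repo, read:packages' into a set."""
    return {s.strip() for s in header_value.split(",") if s.strip()}


def preflight(token, scopes_header, repository):
    """Return a list of problems; an empty list means the inputs look usable."""
    problems = []
    kind = token_kind(token)
    if kind != "classic":
        problems.append(f"token is {kind}, a classic PAT is required")
    scopes = parse_scopes(scopes_header)
    # Assumption: write:packages is accepted as also covering package reads.
    if not scopes & {REQUIRED_SCOPE, "write:packages"}:
        problems.append(f"token lacks {REQUIRED_SCOPE}")
    # Least privilege: a scan credential needs nothing beyond read:packages.
    extra = sorted(scopes - {REQUIRED_SCOPE})
    if extra:
        problems.append("token carries more than needed: " + ", ".join(extra))
    # Rejects registry hosts, tags and extra path segments in the name field.
    if not REPO_RE.fullmatch(repository):
        problems.append(f"repository '{repository}' is not <owner>/<repository_name>")
    return problems


if __name__ == "__main__":
    # Constructed sample values; the tokens are placeholders, not real credentials.
    samples = [
        ("ghp_EXAMPLEPLACEHOLDER", "read:packages", "acme-org/payments-api"),
        ("github_pat_EXAMPLE", "", "acme-org/payments-api"),
        ("ghp_EXAMPLEPLACEHOLDER", "repo, workflow", "ghcr.io/acme-org/payments-api:latest"),
    ]
    for token, header, repo in samples:
        print(repo, "->", preflight(token, header, repo) or "ok")
```

Anything reported under "carries more than needed" is a reason to issue a separate token for the scanner rather than reuse a broader one.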