Oracle Cloud Infrastructure Registry (OCIR)
Follow the steps below to add an Oracle Cloud Infrastructure Registry (OCIR) in order to scan it.
The OCIR scan is performed by Qualys Registry Sensor.
Prerequisites
- An OCIR that you want to scan
- Details from your OCI Account
- Authorization Token - This will be used as a password while creating a scan job on Qualys Enterprise TruRisk™ Platform
For example,{awL3UN1km(#OkyqMOiP
- Username
- Region Code where OCI Registry is deployed
For example,us-sanjose-9
- Tenancy Namespace
For example,aetqbmwbaeaz
- Authorization Token - This will be used as a password while creating a scan job on Qualys Enterprise TruRisk™ Platform
- Deployed Qualys Container Security Sensor in registry mode. Refer to the Sensor Deployment Guide for instructions.
Download Registry Sensor
Follow the steps below to download the latest Registry Sensor for your OCI Registry using Qualys Enterprise TruRisk™ Platform account.
- Log in to your Qualys Enterprise TruRisk™ Platform account.
- Go to Configurations > Sensors > Install Sensor.
- In Sensor Installation, Select Registry.
- Choose your container environment.
- You can install Registry Sensor using DockerHub or its Binary. Select the on-screen options based on the requirements and install the Registry sensor.
Add an OCI Registry in Qualys Enterprise TruRisk™ Platform
Follow the steps below to add and scan your OCI Registry using your Qualys Enterprise TruRisk™ Platform account.
- Ensure that your Registry sensor is in the Running state.
- Log in to your Qualys Enterprise TruRisk™ Platform account.
- Go to Assets > Registries > New Registry.
- Provide the registry information to add your OCI Registry.
Registry Name: <Name of your OCI Registry>
Registry Type: Docker-V2-Private
URL: https://<region-code>.ocir.io
Authentication: Enter authentication credentials for connecting to your registry. Use your OCIR User ID and Password.
- Username - <tenancy_namespace>/<username>
- Password - Your OCIR Authorization token - Click Next to go to Scan Settings.
- On Scan Settings page, provide the on-screen details and click Launch.
- Scan Settings: Choose On Demand if you want to scan the Registry immediately.
- Repository: Provide repository name in this format - <tenancy_namespace>/<repository_name>
Note: To scan all repositories present under Namespace, in the Repository field, use namespace/*.
You can also use the Container Security API to add a registry. See the Container Security API User Guide for details.