tencent cloud

Feedback

Repository Image

Last updated: 2024-10-30 14:51:07
    This document describes the repository image feature and how to enable data scan and view the repository image list.
    Note:
    The following image repositories are supported:
    TCR/CCR
    Third-party image repositories: Harbor, Quay, JFrog, and AWS.

    Prerequisites

    TCSS with image scanning has been purchased.

    Connecting to TCR/CCR

    TCSS and TCR/CCR are integrated by default to scan TCR and CCR images.
    Note:
    By default, TCSS requests TCR repository assets over the public network. If you enable access control for your repository instance, you need to add the service IP range to the allowlist before use or switch the network type. On the Repository Images page, click Operation Guide at the top to add the IP to the allowlist or switch to VPC as instructed.
    For first-time use, you need to manually synchronize repository image assets. ClickRepository Images page at the top right and select Syn assets to update repository image assets. The initial synchronization may take a long time.
    The backend will automatically update the repository image data between 0:00 AM and 3:00 AM every day.

    Connecting to Harbor

    1. Log in to the TCSS console and select Image Risk Control > Repository Images on the left sidebar.
    2. On the Repository Images page, click Image repository management in the top-right corner.
    
    3. In the image repository list, click Add image repository.
    4. In the Add image repository pop-up window, configure parameters and click OK.
    
    Parameters:
    Parameter
    Description
    Instance name
    Enter the image repository name, which is unique and cannot be left empty.
    Repository type
    Select a third-party image repository, which can be Harbor.
    Version
    Select the third-party image repository version, which can be:
    V1: The image repository version of 1.X.X.
    V2: The image repository version of 2.X.X or later.
    Network type
    Select the network access type of the third-party image repository, which can be Public network.
    Region
    Select the region of the third-party image repository, which is Default region for Harbor.
    Address
    Enter the access address of the third-party image repository.
    Username
    Enter the username for accessing the third-party image repository.
    Password
    Enter the password for accessing the third-party image repository.
    Limit
    Select the number of images that can be pulled synchronously every hour. Valid values: 5, 10, 20, 50, 100, 500, 1000, unlimited (default).
    Validate remote certificates
    Specify whether to verify the certificate of the remote image repository for image sync. If the repository uses a self-signed or non-trusted certificate, do not select this option. By default, this option is selected.

    Enabling Data Scan

    On the Repository Images page, the data scan module displays the number of images at risk, total number of images, and the numbers of vulnerabilities, viruses, trojans, and sensitive data pieces in the images after the last scan.

    Enabling quick scan

    1. On the Repository Images page, click Scan now on the right to get the latest image data or risk information.
    
    2. On the Scanning settings page, select the Risk category and Images as needed.
    Risk category: Vulnerabilities or Sensitive data.
    Timeout setting: If a single scan duration exceeds the preset duration, it is considered a scan failure.
    Image: Recommended images , All images , and Specified images . Click
    
    or
    
    to select or delete the target specified image.
    Note:
    You can press Shift to select multiple ones.
    
    3. After selecting the target content, click Scan now.
    Note:
    After the scan starts, images with the same ID will be scanned, and only one scan quota will be consumed.

    Enabling scheduled scan

    1. On the Repository Images page, click Scheduled scan settings on the right to specify whether to enable the scheduled scan feature.
    
    2. On the Scheduled scan settings page, toggle on the On/Off switch and set the Frequency, Risk category, and Images as needed.
    Frequency: It can be every day, every 7 days, every 15 days, every 30 days, or a specified time range.
    Risk category: Click
    
    to select Vulnerabilities , Sensitive data , or Virus & Trojan as needed.
    Image: Recommended images , All images , and Specified images . Click
    
    or
    
    to select or delete the target specified image.
    Note:
    You can press Shift to select multiple ones.
    
    3. After selecting the target content, click Set or Cancel.

    Viewing the List of Repository Images

    Log in to the TCSS console and select Image Risk Control > Repository Images on the left sidebar.

    Filtering images

    On the Repository Images page, filter images as follows:
    Click the scanning status drop-down list to filter images by scanning status.
    
    Click the security status drop-down list to filter images by security status.
    
    Click the repository type drop-down list to filter images by repository type.
    
    Click the search box and search for images by keyword such as image name or image digest.
    

    Exporting an image

    On the Repository Images page, click
    
    to select the target image repository and click
    
    to export it.
    

    Viewing the list details

    On the Repository Images page, click Details to display the drawer on the right, which displays the image risk information, details, and list of vulnerabilities.
    Note:
    Image risk: It indicates whether the image scan is successful and the numbers of vulnerabilities, viruses, trojans, and sensitive data pieces.
    Image details: It includes the image name, image digest, and image size.
    Vulnerability list: You can filter image security vulnerability events by vulnerability severity or search for them by vulnerability name. Click View details to view the vulnerability details and fix suggestion.
    Virus and trojan list: You can filter image security events by virus or trojan severity or search for them by filename. Click View details to view the virus or trojan details and suggestion.
    Sensitive data list: You can filter security events by sensitive data severity, name, or type.
    Image build history: It logs the image build history.
    

    Image scanning

    1. On the Repository Images page, click Scan now > OK to scan an image in "Not scanned" status.
    
    2. On the Repository Images page, click Cancel scanning to cancel scanning an image in "Scanning" status.
    Note:
    Click
    
    to select multiple images and then click Cancel scanning to cancel the scan tasks.
    
    3. On the Repository Images page, click Scan again after the previous scan task ends to scan the image again.
    Note:
    Click
    
    to select multiple images and then click Scan again to batch rescan them.
    

    Custom list management

    1. On the Repository Images page, click
    
    to pop up the Custom List Management window.
    2. In the pop-up window, select the target type and click OK.
    

    Fields in the list

    1. Image repository address: Source address of the repository image.
    2. Repository type: Type of the image repository, which can be TCR or CCR.
    3. Image version: Tag of the repository image.
    4. Last scanned: The time of the last scan.
    5. Risks: Type of the risks to the container.
    6. Status: Container scanning status, which can be Scanned, Not scanned, Scanning, Cancelled, or Scan exception.
    Note:
    We recommend you scan again in case of an exception.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support