Scanning your images to verify that they are free of known vulnerabilities or exposures enhances your security posture.
Snyk integrates with many different systems to offer a centralized security console. In this article we will first use Snyk
Assumptions
- Azure Container Registry (ACR) already exists
- Admin user in your ACR is enabled and you have the credentials to connect to the registry
- You already have a Snyk account (if not, create one at https://app.snyk.io/signup)
- Your images are pushed to the ACR. As a reminder, in order to push your images to ACR, use the following commands:
    docker tag errm/cheese:cheddar {ACRNAMEREGISTRY}.azurecr.io/cheddar:latest
    docker push {ACRNAMEREGISTRY}.azurecr.io/cheddar:latest
Configure Snyk to integrate with your ACR
1. Go to Settings > Integrations then click on Edit settings for ACR
2. Enter the required information to connect to your ACR (information available in Settings > Access Keys of your ACR on the Azure portal)
3. Click on Save
Select the images to scan
Now that the integration with your ACR is done, you can add the images you need to scan.
1. Click on Add your ACR images to Snyk
2. Select the image(s) you want to add and click on Add selected repositories
Once added, Snyk will start scanning your image(s), which might take a bit of time.
Dashboard
Once the image(s) have been added to Snyk, you can navigate to the dashboard to see the reports and the vulnerabilities found.
Click on a specific image to see all the details.