Connect to Third-party Image Repository
HSS can connect to third-party image repositories and provides security detection and management capabilities for vulnerabilities, baselines, and malicious files, helping you detect security risks in images in a timely manner. This section describes how to connect a third-party image repository to HSS.
Constraints and Limitations
- Third-party cloud container clusters: Alibaba Cloud, Tencent Cloud, AWS, and Azure.
- Third-party image repositories: Harbor and JFrog.
Connecting to a Third-party Image Repository
- Log in to the management console.
- In the upper left corner of the page, select a region, click
, and choose Security & Compliance > HSS. - In the navigation pane, choose .
- Click the Third-Party Image Repository tab.
- Click Connect to Third-Party Image Repository.
- Enter the required information as prompted. For details about the parameters, see Table 1.
Figure 1 Connecting to a Third-party image repository
Table 1 Parameters for accessing an image repository Parameter
Description
Example Value
Jump Cluster
Select the cluster that carries the image repository.
cluster01
Scan Component Source
The image scan component is used to pull images, scan and analyze required metadata, and transmit the metadata to the server. The server performs security detection on the metadata, such as vulnerabilities, baselines, malicious files, and sensitive information.
The image scan component needs to be uploaded to the image repository. You can obtain the image scan component in either of the following ways:
- SWR: The cluster can communicate with SWR and obtain image scan components from SWR.
- Manually uploaded: If the network between the cluster and SWR is disconnected, you need to manually upload the image scan component to the image repository.
SWR
Image Repository Name
Enter the full name of an image repository.
test
Image Repository Type
Click
and select the type of the image repository.Harbor
Image Repository API Version
Click
and select the interface version of the image repository.V1
Image Repository Project
If you select Manually uploaded and the image repository type is Harbor, you need to enter image repository project information.
-
Image Repository Path
If you select Manually uploaded and set the image repository type to Jfrog, you need to enter the image repository path.
-
Communication Type
Select the communication protocol type of the image repository.
- http
- https
https
Image Repository Address
Enter the image repository address.
You can enter the website address or IP address:port number of the image repository.
Example: myharbor.com
myharbor.com
Username
Enter the login username.
-
Password
Enter the password of the login user.
-
- (Optional) If you select Manually uploaded for the scan component, perform the following operations to configure the scan components after entering the access information:
- Click Generate Command.
Figure 2 Generating a command
- Click ImageScanComponent.rar to download the scan component package.
Figure 3 Downloading a scan component
- Copy the ImageScanComponent.rar to any cluster node.
- Click Copy Command and run the copied command on the node where ImageScanComponent.rar is located to upload the scan component.
Figure 4 Copying a command
- If the information shown in Figure 5 is displayed, the scan component is uploaded successfully.
- Click Generate Command.
- Click OK to connect to the image repository.
- On the Third-party Image Repositories tab page, view the access result in the Image Repository Status column of the target image repository.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
