...
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? | ||||||
---|---|---|---|---|---|---|---|---|---|---|---|
docker.scanImages | Runs scans on all or specified images. When set to True, only the Docker container scan and Linux packages scan will occur. See here for more information on scanning Docker images. | Only the Docker Image scan and Package Manager scan (scanPackageManager) will take placeand Linux packages scan will occur. | Image scan will not happentake place. | False | -docker.scanImages | ||||||
docker.includes | Comma, space or line-delimited list specifying which images to include in the scan. Values provided should come from either of the following:
| N/A | N/A | The default value is ".*.*" (All images will be scanned) | No | ||||||
docker.excludes | Comma, space or line-delimited list specifying which images to exclude in the scan. Values provided should come from either of the following:
| N/A | N/A | The default value is "" (No images will be excluded) | No | ||||||
docker.pull.enable | Whether to execute "pull" from all from all relevant registries | Executes 'pull' from all relevant registries | Will not pull anything | False | No | ||||||
docker.pull.images | Pull Docker images that match the specified filter (string). Can include regular expressions or a list of space-delimited values. | N/A | N/A | The default value is "" (all images will be pulled) | No | ||||||
docker.pull.maxImages | Defines the maximum number of images to be pulled. When this number of pulled images is reached, no more images are pulled. | N/A | N/A | 10 | No | ||||||
docker.pull.tags | Pulls Docker images whose tags match the specified filter (string). Can include regular expressions or a list of space-delimited values. | N/A | N/A | The default value is "" (all images will be pulled) | No | ||||||
docker.pull.digest | Pull Docker images whose digests match the specified filter (string). Can include regular expressions or a list of space-delimited values. | N/A | N/A | The default value is "" (all images will be pulled) | No | ||||||
docker.delete.force | Enables WhiteSource to use Docker to delete images via the 'force' flag. This is required if the user pulled images that are related to other images, so in this case a regular delete may not work. NOTE: Use this parameter with caution. | WhiteSource uses Docker to delete images via the 'force' flag. | WhiteSource will not use Docker to delete images via the 'force' flag. | False | No | ||||||
docker.login.sudo | Whether the Unified Agent will run 'sudo docker login'. | The Unified Agent will run 'sudo docker login'. | The Unified Agent will not run 'sudo docker login'. | True | No | ||||||
docker.projectNameFormat | Determine's the Docker project's name's format.
| N/A | N/A | "DEFAULT" | No | ||||||
docker.aws.enable | Enables pulling Docker Images from Amazon Elastic Container Registry (ECR). NOTE: If set to True, the 'docker.scanImages' and 'docker.pull.enable' parameter values are also set to True. | Pulls Docker Images from Amazon Elastic Container Registry (ECR). | Will not pull Docker Images from Amazon Elastic Container Registry (ECR). | False | No | ||||||
docker.aws.registryIds | The Registry IDs list on Amazon Web Services (the AWS 12-digit account IDs that correspond to the Amazon ECR registries). The list must include the following:
NOTE: Required if docker.aws.enable=true. | N/A | N/A | No default | No | ||||||
docker.azure.enable | Enables pulling Docker Images from Azure Container registry. NOTE: If set to True, the 'docker.scanImages' and 'docker.pull.enable' parameter values must also be set to True. | Pulls Docker Images from Azure Container registry. | Will not pull Docker Images from Azure Container registry. | False | No | ||||||
docker.azure.userName | Username for Azure Container registry. NOTE: Required if docker.azure.enable is True. | N/A | N/A | No default | No | ||||||
docker.azure.userPassword | Password for Azure Container registry. NOTE: Required if if docker.azure.enable=true. However, it is not mandatory if you already logged in manually to your Azure account via the Azure Client CLI. | N/A | N/A | No default | No | ||||||
docker.azure.registryNames | Docker registry names in Azure Container registry, space-delimited. NOTE: Required if docker.azure.enable=true. | N/A | N/A | No default | No | ||||||
docker.azure.authenticationType | Whether to use “containerRegistry” or "userAccount" as the authentication type. Using "userAccount" login method requiere setting should be filled "docker.azure.userName" and "docker.azure.userPassword" Using "containerRegistry", login method will login to each registry using registry username and password provided in config file in the param docker.azure.registryAuthenticationParameters | N/A | N/A | userAccount | No | ||||||
docker.azure.registryAuthenticationParameters | Registry authentication parameters should contain username and password for each registry in the following format <registryUsername>:<registryPassword>. If there are more than one registry contain in docker.azure.registryNames param then username and password should be provided separated by space: <registry1UserName>:<registry1Password> <registry2UserName>:<registry2Password> | N/A | N/A | No default | No | ||||||
docker.artifactory.enable | Enables pulling Docker Images from the Artifactory Pro Docker registry. NOTE: Verify that the 'docker.scanImages' and 'docker.pull.enable' parameter values are also set to True. | Pulls Docker Images from the Artifactory Pro Docker registry. | Will not pull Docker Images from the Artifactory Pro Docker registry. | False | No | ||||||
docker.artifactory.url | Artifactory URL including http:// or https:// and contextpath (Artifactory default contextPath is “/artifactory" ) NOTE:
| N/A | N/A | No default | No | ||||||
docker.artifactory.pullUrl |
| N/A | N/A | No default | No | ||||||
docker.artifactory.userName | Username for Artifactory Pro Docker registry NOTE: Required if docker.artifactory.enable=true. | N/A | N/A | No default | No | ||||||
docker.artifactory.userPassword | Password for Artifactory Pro Docker registry. NOTE: Required if docker.artifactory.enable=true. | N/A | N/A | No default | No | ||||||
docker.artifactory.repositoriesNames | Repository names in Artifactory Pro Docker registry, space-delimited list. NOTE: Required if docker.artifactory.enable=true. | N/A | N/A | No default | No | ||||||
docker.artifactory.dockerAccessMethod | Required when the user has read-only access. Values are: repopath, subdomain, port. In case customers use port method 'docker.artifactory.dockerAccessMethod=port', 'repository port' must be added to each repository in ‘docker.artifactory.repositoriesNames' in this format: <repositoryName>:<repositoryPort> | N/A | N/A | No default | No | ||||||
docker.hub.enabled | Enables pulling Docker Images from the Docker Hub registry. NOTE: Verify that the 'docker.scanImages' and 'docker.pull.enable' parameter values are also set to True. | Pulls Docker Images from the Docker Hub registry. | Will not pull Docker Images from the Docker Hub registry. | False | No | ||||||
docker.hub.userName | Username for Docker Hub registry. NOTE: Required if docker.hub.enable=true | N/A | N/A | No default | No | ||||||
docker.hub.userPassword | Password required for Password for Azure Container registry. NOTE: Required if docker.hub.enable=true | N/A | N/A | No default | No | ||||||
docker.hub.organizationsNames | Space-delimited list of organizations under the user to be scanned. NOTE: Required if docker.hub.enable=true. | N/A | N/A | No default | No | ||||||
docker.scanTarFiles | Used when the user supplies the tar file of a Docker image. | The Unified Agent will scan the .tar file as a Docker image. | The Unified Agent will not scan the .tar file as a Docker image. | False | No | ||||||
docker.gcr.repositories | A list of repositories, comma-delimited. Example value: | N/A | N/A | Empty | No | ||||||
docker.gcr.enable | Enables pulling Docker Images from Google Container Registry with Docker. NOTE: Verify that the docker.scanImages and docker.pull.enable parameter values are also set to 'true' | Pulls Docker Images from Google Container Registry with Docker. | Will not pull Docker Images from Google Container Registry with Docker. | False | No | ||||||
docker.gcr.account | Email of Google Container Registry account. | N/A | N/A | Empty | No | ||||||
docker.layers | Enables users scanning docker images to receive information regarding packages in layer granularity. The layer granularity can be viewed in the interface under the hierarchical display. | Provides information packages in layer granularity. The scan will split the result into layers, each layer contains all packages/libraries and files found under the layer (in case a package was added at layer 2 and deleted from 3, it will not appear at all in the result, since its not part of the final result). | Will not provide the aforementioned information. | False | No |
...
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available? |
---|---|---|---|---|---|
docker.scanContainers | Scan all or specified containers. When General scan using local resolvers (package managers) will only occur if the resolvers are installed and available locally. Before starting a container scan, run the command "docker ps -a" to check for listed containers. | Only the DockerContainerscan (scanContainers) and Package Manager scan (scanPackageManager) the Docker container scan and Linux packages scan will occur. | Will scan all containersContainer scan will not take place. | False | No |
docker.containerIncludes | Comma, space or line-delimited list specifying which containers to include in the scan. Values provided should come from any of the following:
| N/A | N/A | The default value is "*" (all containers will be scanned) | No |
docker.containerExcludes | Comma, space or line separated list specifying which containers to exclude in the scan. Values provided should come from any of the following:
| N/A | N/A | The default value is "" (no container will be excluded) | No |
...