Versions Compared

Old Version 32

changes.mady.by.user Tsur Rothfeld

Saved on

compared with

New Version Current

changes.mady.by.user Michelle Friedman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Table of Contents
maxLevel3

Overview

This topic describes how to integrate Azure with the Unified Agent in order to scan Docker Images.

Prerequisites 

  • An authorized account to Azure Container Registry

  • Permissions for image pulling from Azure Container Registry

  • Docker installed

Info

  • Unified Agent will scan the images on your localhost (after they are pulled from Azure Container Registry).

  • Unified Agent requires downloading a JAR file and a configuration file. You can download them manually or by using the steps described below.

Downloading the Unified Agent & Configuration File

Info

Notice on periodically fetching the Unified Agent

It is advised to use the below commands only once a week to download the latest version of the Unified Agent for performance reasons and not as part of every build. You can do this using a scheduler task, such as cron.

Use the following options to download the latest version of the WhiteSource Unified Agent JAR file and configuration file to your local host.

Windows Using CURL

  1. Download CURL, and add it to your PATH environment variable.

  2. Open a new command prompt

  3. Run the following commands:

    Windows Using CURL

    Code Block
    languagejava
    curl -LJO https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar
ccurl -LJO https://github.com/whitesource/unified-agent-distribution/raw/master/standAlone/wss-unified-agent.config

Windows Using PowerShell

...

Open a new command prompt.

Run the following commands:

Windows Using PowerShell

Code Block
languagejava
powershell bitsadmin /transfer mydownload /dynamic /download /priority FOREGROUND https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar $pwd\wss-unified-agent.jar 
powershell bitsadmin /transfer mydownload /dynamic /download /priority FOREGROUND https://github.com/whitesource/unified-agent-distribution/raw/master/standAlone/wss-unified-agent.config $pwd\wss-unified-agent.config
Info

If you want to use PowerShell on Windows, ensure that Background Intelligent Transfer Service (BITS) is enabled.

Linux/Unix

Run the following commands from the Linux/Unix bash prompt :

Linux/Unix Using CURL
Code Block
languagejava
curl -LJO https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar
curl -LJO https://github.com/whitesource/unified-agent-distribution/raw/master/standAlone/wss-unified-agent.config

Updating the Configuration File

Update the configuration file (whitesource-fs-agent.config) that you downloaded in step 2 according to your specific requirements.
Enable the relevant lines by removing the '#' symbol at the beginning of the lines. You can find a description about each line and its meaning here.
Example of values for uncommented lines:

Code Block
languagejava
docker.includes=.*alpine.*
docker.excludes=.*2017.10.01.* .*2017.06.01.*
docker.scanImages=true
docker.pull.enable=true
docker.pull.images=.*.*
docker.pull.tags=.*.*
docker.pull.digest=.*.*
docker.delete.force=false
docker.azure.enable=false
docker.azure.registryIds=XXXXXXXXXXXX
docker.pull.maxImages=10
docker.login.sudo=true

This configuration sets the Unified Agent to scan all the docker repositories named *alpine.* except for the two image tags in the 'exclude' section.
Alternatively, you can leave the docker.excludes parameter commented if you want to scan all your image containers.

Configuration Parameters

...

Attribute

...

Type

...

Description

...

Required

...

docker.azure.enable

...

Boolean

...

Enables pulling Docker Images from Azure Container registry. 

Note: Verify that the  'docker.scanImages' and 'docker.pull.enable' parameter values are also set to 'true'

...

Yes

...

docker.azure.userName

...

String

...

Username for Azure Container registry

...

Yes

...

docker.azure.userPassword

...

String

...

Password for Azure Container registry

...

Yes. Not mandatory if you already logged in manually to your Azure account via the Azure Client CLI. 

...

docker.azure.registryNames

...

String

...

Docker repository names in Azure Container registry separated by a space

...

Yes

...

docker.azure.authenticationType 

...

String

...

Authentication Type for Azure Container registry. Either “containerRegistry” or "userAccount".

...

Yes. Default is "userAccount" - case insensitive.

...

docker.azure.registryAuthenticationParameters 

...

String

...

Used in case login is by acr "docker.azure.authenticationType =containerRegistry.

Format: “<acr-username>:<acr-password>".

...

Only if login is by acr "docker.azure.authenticationType =containerRegistry.

Azure command:

Code Block
$ az login -u <username> -p <password>

Info

Parameters 'docker.scanImages' and 'docker.pull.enable' should be set to true.

Run the Unified Agent:

Code Block
java -jar whitesource-wss-agent.jar -apiKey xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxx -c whitesource-wss-agent.config

Scanning Information
The scanner saves your required images and scans all the file system and installed packages. It scans all the image layers and handles archive files in the layers based on the value in the property 'archiveExtractionDepth'.
The Docker image is saved to the temporary directory defined in your environment and is deleted immediately after the scan. The scanning results are presented in a new WhiteSource project identified by the name of the image in the following format:  <image id> <repository> <tag>.
The project is created in the WhiteSource product specified in the configuration file or command line.This page is available at: https://docs.mend.io/bundle/unified_agent/page/azure_container_registry_integration.html