...
Configuration File Parameter | Description and Expected Behavior | If True | If False | Default | Command Line Parameter Available?
---|---|---|---|---|---
docker.scanImages | Runs scans on all or specified images. See here for more information on scanning Docker images. | Only the Docker image scan will occur. | Docker image scan will not take place. | False | -docker.scanImages
docker.includes | Comma, space or line-delimited list specifying which images to include in the scan. Values provided should come from either of the following: | N/A | N/A | The default value is ".*.*" (All images will be scanned) | No
docker.excludes | Comma, space or line-delimited list specifying which images to exclude in the scan. Values provided should come from either of the following: | N/A | N/A | Empty (No images will be excluded) | No
docker.excludeLayersByLabel | Enables scanning Docker layers defined after a specific label. This feature can be used to exclude certain Docker layers from the scan, for example, the layers that comprise the base image. The parameter should be set with a label string (key=value) which will direct the Unified Agent to scan only the Docker layers that appear after the specified label. NOTES: | N/A | N/A | Empty | No
docker.projectNameFormat | Determines the format of the Docker project's name. NOTE: Irrelevant when docker.scanTarFiles=true. | N/A | N/A | "DEFAULT" | No
docker.scanTarFiles | Used when the user supplies the tar file of a Docker image. NOTE: The project name will be derived from the tar file name. | The Unified Agent will scan the .tar file as a Docker image. | The Unified Agent will not scan the .tar file as a Docker image. | False | No
docker.layers | Enables users scanning Docker images to receive package information at layer granularity. The layer granularity can be viewed in the interface under the hierarchical display. | Provides package information at layer granularity. The scan splits the result into layers; each layer contains all packages/libraries and files found under that layer. (If a package was added at layer 2 and deleted at layer 3, it will not appear in the result at all, since it is not part of the final result.) | Will not provide the aforementioned information. | False | No
docker.pull.enable | Whether to execute 'pull' from all relevant registries. | Executes 'pull' from all relevant registries. | Will not pull anything. | False | No
docker.pull.images | Pulls Docker images that match the specified filter (string). Can include regular expressions or a list of space-delimited values. | N/A | N/A | Empty (all images will be pulled) | No
docker.pull.maxImages | Defines the maximum number of images to be pulled. When this number of pulled images is reached, no more images are pulled. | N/A | N/A | 10 | No
docker.pull.tags | Pulls Docker images whose tags match the specified filter (string). Can include regular expressions or a list of space-delimited values. | N/A | N/A | Empty (all images will be pulled) | No
docker.pull.digest | Pulls Docker images whose digests match the specified filter (string). Can include regular expressions or a list of space-delimited values. | N/A | N/A | Empty (all images will be pulled) | No
docker.delete.force | Enables Mend to use Docker to delete images via the 'force' flag. This is required if the user pulled images that are related to other images, in which case a regular delete may not work. NOTE: Use this parameter with caution. | Mend uses Docker to delete images via the 'force' flag. | Mend will not use Docker to delete images via the 'force' flag. | False | No
docker.login.sudo | Whether the Unified Agent will run 'sudo docker login'. | The Unified Agent will run 'sudo docker login'. | The Unified Agent will not run 'sudo docker login'. | True | No
docker.aws.enable | Enables pulling Docker Images from Amazon Elastic Container Registry (ECR). NOTE: If set to True, the 'docker.scanImages' and 'docker.pull.enable' parameter values are also set to True. | Pulls Docker Images from Amazon Elastic Container Registry (ECR). | Will not pull Docker Images from Amazon Elastic Container Registry (ECR). | False | No
docker.aws.registryIds | The Registry IDs list on Amazon Web Services (the AWS 12-digit account IDs that correspond to the Amazon ECR registries). The list must include the following: NOTE: Required if docker.aws.enable=true. | N/A | N/A | No default | No
docker.azure.enable | Enables pulling Docker Images from Azure Container registry. NOTE: If set to True, the 'docker.scanImages' and 'docker.pull.enable' parameter values must also be set to True. | Pulls Docker Images from Azure Container registry. | Will not pull Docker Images from Azure Container registry. | False | No
docker.azure.userName | Username for Azure Container registry. NOTE: Required if docker.azure.enable is True. | N/A | N/A | No default | No
docker.azure.userPassword | Password for Azure Container registry. NOTE: Required if docker.azure.enable=true. However, it is not mandatory if you already logged in manually to your Azure account via the Azure Client CLI. | N/A | N/A | No default | No
docker.azure.registryNames | Docker registry names in Azure Container registry, space-delimited. NOTE: Required if docker.azure.enable=true. | N/A | N/A | No default | No
docker.azure.authenticationType | Whether to use "containerRegistry" or "userAccount" as the authentication type. The "userAccount" login method requires "docker.azure.userName" and "docker.azure.userPassword" to be set. The "containerRegistry" login method logs in to each registry using the registry username and password provided in the config file in the docker.azure.registryAuthenticationParameters parameter. | N/A | N/A | userAccount | No
docker.azure.registryAuthenticationParameters | Registry authentication parameters should contain the username and password for each registry in the following format: <registryUsername>:<registryPassword>. If docker.azure.registryNames contains more than one registry, the username and password pairs should be provided separated by spaces: <registry1UserName>:<registry1Password> <registry2UserName>:<registry2Password> | N/A | N/A | No default | No
docker.artifactory.enable | Enables pulling Docker Images from the Artifactory Pro Docker registry. NOTE: Verify that the 'docker.scanImages' and 'docker.pull.enable' parameter values are also set to True. | Pulls Docker Images from the Artifactory Pro Docker registry. | Will not pull Docker Images from the Artifactory Pro Docker registry. | False | No
docker.artifactory.url | Artifactory URL including http:// or https:// and the context path (the Artifactory default contextPath is "/artifactory"). NOTE: | N/A | N/A | No default | No
docker.artifactory.pullUrl | | N/A | N/A | No default | No
docker.artifactory.userName | Username for Artifactory Pro Docker registry. NOTE: Required if docker.artifactory.enable=true. | N/A | N/A | No default | No
docker.artifactory.userPassword | Password for Artifactory Pro Docker registry. NOTE: Required if docker.artifactory.enable=true. | N/A | N/A | No default | No
docker.artifactory.repositoriesNames | Repository names in Artifactory Pro Docker registry, space-delimited list. NOTE: Required if docker.artifactory.enable=true. | N/A | N/A | No default | No
docker.artifactory.dockerAccessMethod | Required when the user has read-only access. Values are: repopath, subdomain, port. If the port method is used ('docker.artifactory.dockerAccessMethod=port'), the repository port must be added to each repository in 'docker.artifactory.repositoriesNames' in this format: <repositoryName>:<repositoryPort> | N/A | N/A | No default | No
docker.hub.enabled | Enables pulling Docker Images from the Docker Hub registry. NOTE: Verify that the 'docker.scanImages' and 'docker.pull.enable' parameter values are also set to True. | Pulls Docker Images from the Docker Hub registry. | Will not pull Docker Images from the Docker Hub registry. | False | No
docker.hub.userName | Username for Docker Hub registry. NOTE: Required if docker.hub.enable=true. | N/A | N/A | No default | No
docker.hub.userPassword | Password for Docker Hub registry. NOTE: Required if docker.hub.enable=true. | N/A | N/A | No default | No
docker.hub.organizationsNames | Space-delimited list of organizations under the user to be scanned. NOTE: Required if docker.hub.enable=true. | N/A | N/A | No default | No
docker.gcr.repositories | A list of repositories, comma-delimited. Example value: | N/A | N/A | Empty | No
docker.gcr.enable | Enables pulling Docker Images from Google Container Registry with Docker. NOTE: Verify that the docker.scanImages and docker.pull.enable parameter values are also set to 'true'. | Pulls Docker Images from Google Container Registry with Docker. | Will not pull Docker Images from Google Container Registry with Docker. | False | No
docker.gcr.account | Email of Google Container Registry account. | N/A | N/A | Empty | No
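
Several rows above depend on each other (registry pulls need docker.scanImages and docker.pull.enable, Azure "containerRegistry" login needs one credential pair per registry, the Artifactory port method needs <repositoryName>:<repositoryPort>). The following pre-scan lint is an added example, not Mend code: the key=value file syntax, the `parse` and `lint` names, the sample values and the http:// check are assumptions made for illustration.

```python
# Added example (not Mend code): lint a config against the table's dependency notes.
SAMPLE = """\
# constructed sample config (placeholder hosts and secrets)
docker.scanImages=true
docker.azure.enable=true
docker.azure.authenticationType=containerRegistry
docker.azure.registryNames=regone regtwo
docker.azure.registryAuthenticationParameters=svc1:EXAMPLE_PW
docker.artifactory.enable=true
docker.artifactory.url=http://artifactory.example.internal/artifactory
docker.artifactory.repositoriesNames=docker-local:5001 docker-remote
docker.artifactory.dockerAccessMethod=port
docker.delete.force=true
"""

def parse(text):
    """Parse key=value lines, skipping blanks and # comments (assumed syntax)."""
    cfg = {}
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def lint(cfg):
    """Return findings for rules the table states, plus one added http:// check."""
    on = lambda k: cfg.get(k, "").lower() == "true"
    words = lambda k: cfg.get(k, "").split()
    out = []
    for reg in ("azure", "artifactory"):
        if on(f"docker.{reg}.enable"):
            out += [f"{reg}: {dep} must be true"
                    for dep in ("docker.scanImages", "docker.pull.enable") if not on(dep)]
    if on("docker.azure.enable") and cfg.get("docker.azure.authenticationType") == "containerRegistry":
        creds = words("docker.azure.registryAuthenticationParameters")
        if len(creds) != len(words("docker.azure.registryNames")) or any(":" not in c for c in creds):
            out.append("azure: need one <user>:<password> pair per registry name")
    if on("docker.artifactory.enable"):
        if cfg.get("docker.artifactory.dockerAccessMethod") == "port":
            for repo in words("docker.artifactory.repositoriesNames"):
                _, sep, port = repo.rpartition(":")
                if not (sep and port.isdigit()):
                    out.append(f"artifactory: {repo} lacks :<repositoryPort>")
        if cfg.get("docker.artifactory.url", "").startswith("http://"):
            out.append("artifactory: http:// url, credentials not encrypted in transit")
    if on("docker.delete.force"):
        out.append("docker.delete.force=true: use with caution per the table")
    return out

print("\n".join(lint(parse(SAMPLE))))
```

Running the lint in CI before the agent starts catches a half-configured registry block before any pull or login is attempted.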
...