Azure Container Registry Integration

Overview

This article provides instructions on how to integrate Azure with the Unified Agent in order to be able to scan Docker Images.

Prerequisites 

  1. An authorized account to Azure Container Registry
  2. Permissions for image pulling from Azure Container Registry
  3. Docker installed

Download Unified Agent & Configuration File

Use the following options to download the latest version of the WhiteSource Unified Agent JAR file and configuration file to your local host.

Windows Using CURL

  1. Download CURL, and add it to your PATH environment variable.
  2. Open a new command prompt
  3. Run the following commands:

Windows Using PowerShell

  1. Open a new command prompt
  2. Run the following commands:

Linux/Unix

Run the following commands from the Linux/Unix bash prompt :

Updating the Configuration File

Update the configuration file (whitesource-fs-agent.config) that you downloaded in step 2 according to your specific requirements.
Enable the relevant lines by removing the '#' symbol at the beginning of the lines. You can find a description about each line and its meaning in the following link.
Example of values for uncommented lines:

This configuration sets the Unified Agent to scan all the docker repositories named *alpine.* except for the two image tags in the 'exclude' section.
Alternatively, you can leave the docker.excludes parameter commented if you want to scan all your image containers.

Configuration Parameters

Attribute
Type
Description
Required
docker.azure.enable

Boolean

Enables pulling Docker Images from Azure Container registry. 

Note: Verify that the  'docker.scanImages' and 'docker.pull.enable' parameter values are also set to 'true'

Yes
docker.azure.userNameStringUsername for Azure Container registryYes
docker.azure.userPasswordStringPassword for Azure Container registryYes. Not mandatory if you already logged in manually to your Azure account via the Azure Client CLI. 
docker.azure.registryNamesStringDocker repository names in Azure Container registry separated by a spaceYes

docker.azure.authenticationType 

StringAuthentication Type for Azure Container registry. Either “containerRegistry” or "userAccount".Yes. Default is "userAccount" - case insensitive.

docker.azure.registryAuthenticationParameters 

String

Used in case login is by acr "docker.azure.authenticationType =containerRegistry.

Format: “<acr-username>:<acr-password>".

Only if login is by acr "docker.azure.authenticationType =containerRegistry.

Azure command:

Run the Unified Agent:



Scanning Information
The scanner saves your required images and scans all the file system and installed packages.
It scans all the image layers and handles archive files in the layers based on the value in the property 'archiveExtractionDepth'.

The Docker image is saved to the temporary directory defined in your environment and is deleted immediately after the scan.
The scanning results are presented in a new WhiteSource project identified by the name of the image in the following format:  <image id> <repository> <tag>.
The project is created in the WhiteSource product specified in the configuration file or command line.