Summary

This is a step-by-step guide to integrating the Docker Trusted Registry with Aqua CSP so that you can scan its images from the Aqua Console.


Environment

Aqua CSP 5.0

Docker Trusted Registry (DTR) 2.7.6


Deployment Steps


Step 1: Prerequisites

  • This guide uses the following tools, which are already deployed, to demonstrate how to connect the two components:
    • Aqua CSP 5.0
    • Docker UCP 3.2.6 + DTR 2.7.6
  • In addition to the above, ensure that you have the following details available and ready:
    • Registry URL
    • Registry Username
    • Registry Password


Step 2: Configure and connect to your DTR through the Aqua Console

  • Navigate to the Image Registry page, located at Aqua UI > Settings > Integrations, and click the Add Registry button so that you can select the Docker Trusted Registry type for the configuration.



  • Once you have selected the desired registry type, populate the fields required to connect to the registry: the registry URL, username and password.
    • Note: Ensure that you also check the "prefer DTR API" box. This feature gives the Aqua Console the option to search repositories with the DTR API first and fall back to the standard Docker V2 API if necessary.
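
The lookup order that the note describes, as an added example that is not Aqua's code and not part of the original guide: it queries the DTR API (`/api/v0/repositories`) first and falls back to the Docker V2 catalog (`/v2/_catalog`). The function names, the host `dtr.example.internal`, the constructed transport and the use of HTTP Basic auth on both endpoints are assumptions.

```python
import base64
import json
import urllib.request

DTR_REPOS = "/api/v0/repositories"   # DTR's own repository listing
V2_CATALOG = "/v2/_catalog"          # standard Docker Registry V2 catalog

def http_get_json(url, user, password, timeout=10):
    """GET url with HTTP Basic auth (assumed to be accepted) and decode the JSON body."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)

def list_repositories(base_url, user, password, prefer_dtr_api=True, get=http_get_json):
    """Return (api_used, sorted list of "namespace/name" repositories)."""
    base = base_url.rstrip("/")
    if prefer_dtr_api:
        try:
            body = get(base + DTR_REPOS, user, password)
            return "dtr", sorted(f"{r['namespace']}/{r['name']}" for r in body["repositories"])
        except (OSError, KeyError, TypeError, ValueError):
            pass  # DTR API unreachable or unexpected response: fall back to V2
    body = get(base + V2_CATALOG, user, password)
    return "v2", sorted(body["repositories"])

def constructed_transport(dtr_api_up):
    """Constructed stand-in for a registry so the example runs offline."""
    def get(url, user, password):
        if url.endswith(DTR_REPOS):
            if not dtr_api_up:
                raise OSError("DTR API not reachable")
            return {"repositories": [{"namespace": "dev", "name": "web"},
                                     {"namespace": "admin", "name": "base"}]}
        return {"repositories": ["dev/web", "admin/base"]}
    return get

if __name__ == "__main__":
    host = "https://dtr.example.internal"  # placeholder host, not a real registry
    for up in (True, False):
        print(list_repositories(host, "scanner", "not-a-real-password",
                                get=constructed_transport(up)))
```

Dropping the `get=` argument makes the same call against a real registry URL with the credentials gathered in Step 1, which shows which of the two APIs answers before the values are entered in the console.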




Step 3: Test the connection and save the configuration

  • Once you are satisfied with your configuration input, click the Test Connection button to check that the Aqua Console can successfully reach and connect to the DTR.



  • If each check is successful, you can go ahead and save the configuration for the DTR. Once saved, you should have the registry integrated with the Aqua console.






Step 4: Scan Images from DTR through the Aqua Console

  • To scan images from the DTR, navigate to the Images page in your Aqua console and click the Add Images button. You will be presented with a window where you can select the registry type, search for specific images and add them to the scan queue so that they can be scanned.





  • Once the scans for the images are completed, you will be able to see the scanned images in the General tab and view the vulnerability findings for each image.



Related Information

  1. https://docs.aquasec.com/docs/image-registries-and-repositories 
  2. https://docs.mirantis.com/docker-enterprise/v3.0/dockeree-products/dtr.html