The Settings page of the Aqua Security allows you to view and modify settings that affect the functioning of Aqua. Some procedures are documented in this section and others are documented as part of the related functionality. You can access the Settings page from the left pane of the Aqua UI.

An Aqua user (Example: Admins) whose access permission set enabled with category, System > Settings can access the Settings page with one of the following permissions:

  • View Only: just for viewing system settings
  • Edit: to modify the system settings.

For more information, refer to Configure Permission Sets.

Group of settings

Following is the list of groups of settings that can be configured from this page:

The following table lists the documentation link for each group of settings:

Settings groupDocumentation link
Scanning (Applicable plans: Team, Advanced and Enterprise)Configure Scanning Options
Image Scan Results Webhook (Applicable plans: Advanced and Enterprise only)Send Image Scan Results to an External System
Aqua CyberCenter (Applicable plans: Team, Advanced and EnterpriseConfigure Aqua CyberCenter
Cleanup (Applicable plans: Team, Advanced and EnterpriseCleanup
Export/Import (Applicable plans: Advanced and Enterprise only)Export/Import

Cleanup Setting

This section explains how to configure Aqua server to remove selected artifacts of a certain age. To configure the Cleanup settings, you should navigate to Settings > Cleanup. You can configure the following settings in this page:

  • Remove old images from repositories automatically
  • Remove old audit events automatically

Remove old images automatically

You can configure Aqua server to remove the oldest images automatically from the repositories configured in Aqua. This has two benefits: 

  • Force users to use more recent images
  • Improve the performance of Aqua scanners by reducing the number of images to be scanned
  • Control the number of images stored in each repository before it reaches the limit set for Advanced or Team tier customers
Limitations on the repositories and images stored in Aqua for scanning:

- If you use Aqua Advanced plan, you can add a maximum of 100 repositories and unlimited images in each repository

- If you use Aqua Team plan, you can add a maximum of 40 repositories and 10 images in each repository

In both the Team and Advanced plans, Adding each repository consumes 250 Aqua units from your account.

When the old images are removed automatically from Aqua, the actual images are not deleted, either from the registry or from the host on which they are located. You can configure the maximum number of images to store in your repositories (other than the limit set for your Aqua edition). You can also set the criterion for determining the age of each image since: 

  • created time in registry
  • recent scan date
  • it was registered in the Aqua server

If adding an image to a repository exceeds the threshold set, Aqua removes the oldest image automatically, according to the selected criterion, from the repository. This applies to all methods of adding the images: through Images page > Add Image, new images pulled from registries regularly, or new images added through scanner Command Line Interface (CLI).

To configure this Cleanup setting:

  1. Enable the Remove the oldest images in each repository checkbox.
  2. Set the time of the day for the image cleanup to occur.
  3. Select either Daily or Specific Days of the week for the image cleanup to occur at the specified time of the day.
  4. Set the maximum number of images allowed to store in each repository. (50 number set in the example)
  5. From the dropdown, select one of the following criteria to calculate age of the image:
  • Time of Creation in Registry
  • Last Scan Date
  • Time of Image Registration

       6. Click Save

In the example shown below, Aqua removes oldest images at 12:00 am every Wednesday, Friday, and Sunday when total number of images exceeds 50 in any repository. In this example, age of the images is calculated from the time of image registration in Aqua server.

Cleanup settings are applied to all repositories on the Aqua server.