Google Container Registry

This page provides an overview of how to use Mondoo to scan Google Container Registry for vulnerabilities in your containers.

The Container Registry allows you to store container images within Google Cloud. To learn about the Google Cloud container registry, read the Container Registry Get Started Guide.

import Partial from "./_providers-note.mdx";

{" "}

Prerequisite

Install the gcloud command and log in using gcloud auth login.

Set your project:

$ gcloud config set project <projectID>

Updated property [core/project].

List all available container repositories:

$ gcloud container images list

NAME
gcr.io/<projectID>/<repoName>

List the repositories' tags:

$ gcloud container images list-tags gcr.io/<projectID>/<repoName>

DIGEST        TAGS    TIMESTAMP
e5dd9abc37df  latest  2020-03-20T20:20:23
a98d9dcf3a34  16.04   2020-02-21T23:22:30
0925d0867157  18.04   2020-02-21T23:20:44
61844ceb1dd5  19.04   2020-01-16T02:20:47

To authenticate with the registry, log in with gcloud

gcloud auth configure-docker

Scan

To scan an individual repository, enter:

cnspec scan container registry gcr.io/<projectID>/<repoName>

  →  loaded configuration from /Users/suki/.config/mondoo/mondoo.yml
Start the vulnerability scan:
  →  resolve asset connections
  →  verify platform access to a98d9dcf3a34
  →  gather platform details
  →  detected ubuntu 16.04
  →  gather platform packages for vulnerability scan
  →  found 96 packages
  ✔  completed analysis for a98d9dcf3a34
  →  verify platform access to 0925d0867157
  →  gather platform details
  →  detected ubuntu 18.04
  →  gather platform packages for vulnerability scan
  →  found 89 packages
  ✔  completed analysis for 0925d0867157
  →  verify platform access to 61844ceb1dd5
  →  gather platform details
  →  detected ubuntu 19.04
  →  gather platform packages for vulnerability scan
  →  found 89 packages
  ✔  completed analysis for 61844ceb1dd5
  →  verify platform access to e5dd9abc37df
  →  gather platform details
  →  detected ubuntu 18.04
  →  gather platform packages for vulnerability scan
  →  found 89 packages
  ✔  completed analysis for e5dd9abc37df
Advisory Reports Overview
  ■  SCORE  NAME          SCORE
  ■  0.0    a98d9dcf3a34  ══════════
  ■  0.0    0925d0867157  ══════════
  ■  4.6    61844ceb1dd5  ══════════
  ■  0.0    e5dd9abc37df  ══════════

Google Cloud also ships with non-standard extensions to search images on your project level. To use those extensions, use the gcp gcr provider:

cnspec scan gcp gcr <projectID>

Google Container Registry

Prerequisite

Scan

On this page