Docker - Add Integration

Suggested Reading: What is an Integration?

Overview

An Integration of type Docker lets you work with container images so that you can scan them using one of the available scanning tools or services. There are 3 types of Docker-type Integrations you can create:

  1. DockerHub - access your container images from your Docker Hub account.
  2. Sonatype - access your container images from your Sonatype Registry Manager.
  3. Local Docker (onprem) - access your container images from your local host’s docker repository.

Prerequisites

The prerequisites vary depending on which of the 3 types you are working with:

1. DockerHub

  • Valid credentials to access Docker Hub
  • Docker Hub credentials have access to the desired namespace(s) and image(s)
  • If running onprem (not common when working with Docker Hub), connectivity out to Docker Hub and out to ZeroNorth (see ZeroNorth™ Environment Checklist for details).

2. Sonatype

In this case, it is assumed that you have an onprem, private Sonatype Registry Manager server that can only be accessed from within your network. Therefore, the Integration you create will need to be set to the onprem modality.

  • Valid credentials to access the Sonatype Registry Manager via the API.
  • Docker environment installed and running on the host where you will be utilizing ZeroNorth via our onprem agents (see the article Set Up Docker for ZN’s Docker Agents for more information).
  • Connectivity from the above Docker host to the Sonatype Registry Manager, and also out to ZeroNorth (see ZeroNorth™ Environment Checklist for details).

3. Local Docker

With this type, there is limited support for scanning container images that are already in the docker repository of the local host where you are running the ZeroNorth remote agents. It is assumed that you are running in the “onprem” modality.

  • The local Docker service is addressable via docker commands or via the TCP channel.

Steps

  • Go to znADM > Integrations
  • Click +Add Integration
  • Enter a Name for the Integration (see our Integration Name Recommendations)
  • Set the Type to “Docker”
  • Set the Registry to one of:
    1. “DockerHub”
    2. “Sonatype”
    3. “Local Docker (onprem)”

Follow the instructions below specific to each Registry type choice.

1. DockerHub

2. Sonatype

  • Set the Initiate Scan From to the appropriate value. If you are using a private registry, then this will most likely be “Customer’s Environment”.
  • Enter the URL (e.g., https://registry.acme.com)
  • Enter username and access token
  • Click Create Integration

3. Local Docker (onprem)

  • Set the Initiate Scan From to “Customer’s Environment”.
  • Enter the URL (e.g., https://registry.acme.com)
  • Set Docker Address Type to one of:
    • Unix - most common. Allows ZeroNorth to interact with the local Docker daemon via docker commands.
    • TCP - use this if you connect to your local Docker service via TCP. If you select this option, set the Docker TCP Address. It typically looks like “tcp://docker:2375”.
  • Click Create Integration
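
Before creating a Local Docker integration, you can confirm that the Docker service is addressable at the address you plan to enter. The following pre-flight check is an added example, not ZeroNorth code: it calls the Docker Engine API `/_ping` endpoint over a Unix socket or plain TCP. The function name `ping_docker` and the default socket path are assumptions; `tcp://docker:2375` is the sample address from the step above.

```python
import http.client
import socket
import sys
from urllib.parse import urlparse

class UnixHTTPConnection(http.client.HTTPConnection):
    """HTTP over a Unix domain socket (the "Unix" address type)."""
    def __init__(self, path, timeout):
        super().__init__("localhost", timeout=timeout)
        self._path = path

    def connect(self):
        self.sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self.sock.settimeout(self.timeout)
        self.sock.connect(self._path)

def ping_docker(address, timeout=3):
    """Return (reachable, detail) for a unix:// or tcp:// Docker address."""
    try:
        u = urlparse(address)
        port = u.port  # raises ValueError on a malformed port
    except ValueError as e:
        return False, f"bad address {address!r}: {e}"
    if u.scheme == "unix" and u.path:
        conn = UnixHTTPConnection(u.path, timeout)
    elif u.scheme == "tcp" and u.hostname and port:
        # Plain HTTP probe: a daemon that enforces TLS will not answer "OK".
        conn = http.client.HTTPConnection(u.hostname, port, timeout=timeout)
    else:
        return False, f"unsupported address {address!r} (want unix://PATH or tcp://HOST:PORT)"
    try:
        conn.request("GET", "/_ping")  # Docker Engine API health endpoint
        resp = conn.getresponse()
        body = resp.read().decode(errors="replace").strip()
        return resp.status == 200 and body == "OK", f"HTTP {resp.status} {body!r}"
    except (OSError, http.client.HTTPException) as e:
        return False, f"{type(e).__name__}: {e}"
    finally:
        conn.close()

if __name__ == "__main__":
    # /var/run/docker.sock is Docker's default socket path, not a value from this page.
    targets = sys.argv[1:] or ["unix:///var/run/docker.sock", "tcp://docker:2375"]
    for target in targets:
        ok, detail = ping_docker(target)
        print(f"{'OK  ' if ok else 'FAIL'} {target}: {detail}")
```

Run it on the host where the ZeroNorth agents run, passing the address you intend to use as an argument. A successful answer on a `tcp://` address also tells you that the daemon accepts unencrypted API calls from that host.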