Quay Security Scanner
Quay Enterprise supports scanning container images for known vulnerabilities with a scanning engine such as Clair. This document explains how to configure Clair with Quay Enterprise.
Visit the management panel
Sign in to a super user account and visit
http://yourregister/superuser to view the management panel:
Enable Security Scanning
- Click the configuration tab () and scroll down to the section entitled Security Scanner.
- Check the "Enable Security Scanning" box
Enter a security scanner
In the "Security Scanner Endpoint" field, enter the HTTP endpoint of a Quay Enterprise-compatible security scanner such as Clair.
Generate an auth key
To connect Quay Enterprise securely to the scanner, click "Create Key >" to create an authentication key between Quay and the Security Scanner.
Authentication for high-availability scanners
If the security scanning engine is running on multiple instances in a high-availability setup, select "Generate shared key":
Enter an optional expiration date, and click "Generate Key":
Save the key ID and download the preshared private key into the configuration directory for the security scanning engine.
Authentication for single-instance scanners
If the security scanning engine is being run on a single instance, select "Have the service provide a key":
Once the following dialog is visible, run the security scanning engine:
When the security scanning engine connects, the key will be automatically approved.
- Click "Save Configuration Changes"
- Restart the container (you will be prompted)