Container Image Targets
Use Oracle Cloud Infrastructure Vulnerability Scanning Service to create and manage container image targets and to assign them to container image scan recipes. A container image target is a collection of repositories in Container Registry that you want scanned for security vulnerabilities.
- The Container Registry Console (see Scanning Images for Vulnerabilities)
- The Vulnerability Scanning Console, API, or CLI
Container Registry lets you share and manage container images (such as Docker images) by storing them in repositories. A repository is a named collection of related images that are grouped for convenience. During the deployment of an application to a Kubernetes cluster, one or more images can be pulled from a repository to start containers on the cluster.
When you create a new repository in Container Registry, image scanning is enabled by default on the repository. Every time an image is pushed to the repository, it's scanned for security vulnerabilities. Container Registry automatically rescans any images in the repository that have changed since the previous scan. You can also disable image scanning on a particular repository.
You have two options when selecting the repositories for a target.
- Scan one or more specific repositories within a compartment.
- Scan all repositories within a compartment and its subcompartments.
If you create a target for the root compartment, then all repositories in the entire tenancy are scanned.
When a target is created, the Vulnerability Scanning service scans a specified initial number of images in the target repositories (one image by default). After this initial scan, the service also scans any new image that's pushed to the target.
The Vulnerability Scanning service saves the results for an image repository in the same compartment as the repository's Vulnerability Scanning target.
Consider the following example.
- The repository MyRepo in Container Registry is in CompartmentA.
- MyRepo is specified in Target1.
- Target1 is in CompartmentB.
- All reports related to MyRepo are in CompartmentB.
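The following Python model of the scoping rules above is an added illustration, not code from Oracle's documentation or SDK. It resolves which repositories a target selects, where their reports are saved, and which repositories no target covers. The compartment tree, the repositories other than MyRepo, and the dictionary field names are constructed assumptions.

```python
# Constructed inventory: compartment -> parent (None marks the root compartment).
PARENT = {"root": None, "CompartmentA": "root", "CompartmentB": "root",
          "Dev": "CompartmentA"}
# Constructed repositories: name -> compartment that holds the repository.
REPOS = {"MyRepo": "CompartmentA", "dev/api": "Dev", "tools": "CompartmentB"}

# The page's example: Target1 lives in CompartmentB and names MyRepo.
# Field names are hypothetical, chosen for this model only.
TARGET1 = {"name": "Target1", "compartment": "CompartmentB",
           "registry_compartment": "CompartmentA", "repositories": ["MyRepo"]}


def in_subtree(compartment, ancestor):
    """True if compartment is ancestor or lies anywhere beneath it."""
    while compartment is not None:
        if compartment == ancestor:
            return True
        compartment = PARENT[compartment]
    return False


def repos_in_scope(target):
    """Repositories a target selects, following the two options above."""
    scope = target["registry_compartment"]
    named = target.get("repositories")
    if named:
        # Option 1: specific repositories within one compartment.
        return {r for r in named if REPOS.get(r) == scope}
    # Option 2: every repository in the compartment and its subcompartments.
    return {r for r, c in REPOS.items() if in_subtree(c, scope)}


def coverage(targets):
    """Map each repository to the compartments where its reports are saved."""
    reports = {r: set() for r in REPOS}
    for target in targets:
        for repo in repos_in_scope(target):
            # Results are saved in the target's compartment, not the repo's.
            reports[repo].add(target["compartment"])
    return reports


def uncovered(targets):
    """Repositories that no target selects."""
    return sorted(r for r, where in coverage(targets).items() if not where)


if __name__ == "__main__":
    print(coverage([TARGET1]))
    print("not covered:", uncovered([TARGET1]))
```

Running the coverage check against an exported inventory shows both the repositories that no target selects and the compartment whose reports need to be readable for each covered repository.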
This section contains the following topics:
- Required IAM Policy for Image Scanning Targets
- Listing Container Image Targets
- Creating a Container Image Target
- Getting a Container Image Target's Details
- Editing a Container Image Target
- Listing the Repositories for a Container Image Target
- Moving a Container Image Target Between Compartments
- Deleting a Container Image Target