Configure your private Azure Container Registry (ACR) with Mend
Overview
The Mend container image registry scanning solution can integrate with your private ACR using your provided Azure Active Directory (AD) service principal.
Getting it done
Prerequisites before you scan ACR with Mend
Your Mend user must be an organization administrator in order to access the Cloud Native UI.
Your Azure AD service principal must have the necessary access to the ACR you wish to integrate. See the ACR authentication setup section of this document for instructions.
ACR authentication setup
To properly integrate Mend with your ACR, you will need to provide your service principal’s username and password for authentication:
Log in to your Azure account or use the Azure CLI.
In Azure, create a new service principal. More information on how to do this can be found in Azure's documentation: Azure Container Registry authentication with service principals.
During creation, add the following permission to your service principal: `acrpull`. This allows the service principal to `docker pull` an image, that has not been quarantined, from the relevant registry. More information on the `acrpull` permission can be found in the ACR repository’s documentation: ACR Roles & Permissions.
Once your service principal is created, obtain its username and password via the Azure CLI. We’ve provided an example of how to accomplish this from Azure’s documentation below:
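```bash
## Azure documentation example ##
# Registry name and a service principal name that is unique within your tenant
ACR_NAME=$containerRegistry
SERVICE_PRINCIPAL_NAME=$servicePrincipal

# Full resource ID of the registry, used as the scope of the role assignment
ACR_REGISTRY_ID=$(az acr show --name "$ACR_NAME" --query "id" --output tsv)

# Create the service principal with the acrpull role on this registry only
PASSWORD=$(az ad sp create-for-rbac --name "$SERVICE_PRINCIPAL_NAME" --scopes "$ACR_REGISTRY_ID" --role acrpull --query "password" --output tsv)
USER_NAME=$(az ad sp list --display-name "$SERVICE_PRINCIPAL_NAME" --query "[].appId" --output tsv)

# These two values are the Service Principal ID and Password entered in Mend
echo "Service principal ID: $USER_NAME"
echo "Service principal password: $PASSWORD"
```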
Congratulations! You are now ready to integrate your private ACR within the Mend Application.
Note: By default, the Azure service principal’s password is valid for one year. Make sure you renew this password to keep your ACR integration with Mend up and running.
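To confirm the service principal holds nothing beyond `acrpull` on the registry and to see when its password needs renewing, the following added example (not part of Mend's or Azure's documentation) can be run after the setup above. The function names, the 30-day renewal window and the `endDateTime` field name are assumptions; date parsing relies on GNU `date`.

```shell
#!/usr/bin/env bash
# Added example (not Mend's or Azure's code). Function names and the 30-day
# renewal window are assumptions. Date parsing relies on GNU date (-d).

# Seconds from "now" until an ISO-8601 expiry time; $2 overrides "now" for testing.
secs_until() {
  end_s=$(date -u -d "$1" +%s) || return 2
  now_s=$(date -u -d "${2:-now}" +%s) || return 2
  echo $(( end_s - now_s ))
}

# Prints EXPIRED, RENEW (inside the window of $2 days, default 30) or OK.
expiry_status() {
  secs=$(secs_until "$1" "${3:-now}") || { echo "UNKNOWN"; return 2; }
  if [ "$secs" -le 0 ]; then echo "EXPIRED"
  elif [ "$secs" -lt $(( ${2:-30} * 86400 )) ]; then echo "RENEW"
  else echo "OK"; fi
}

# Succeeds only when the role list (one name per line) is exactly AcrPull.
only_acrpull() {
  roles_norm=$(printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' | sed '/^$/d' | sort -u)
  [ "$roles_norm" = "acrpull" ]
}

# Live audit; needs `az login`. Defined here, run by hand: audit_sp <acr> <sp-name>
audit_sp() {
  acr_id=$(az acr show --name "$1" --query "id" --output tsv)
  app_id=$(az ad sp list --display-name "$2" --query "[].appId" --output tsv)
  # Include roles inherited from the resource group or subscription.
  roles=$(az role assignment list --assignee "$app_id" --scope "$acr_id" \
            --include-inherited --query "[].roleDefinitionName" --output tsv)
  only_acrpull "$roles" || echo "WARNING: roles beyond AcrPull on $1: $roles"
  # endDateTime is the field name in Microsoft Graph-based az versions (assumption).
  az ad app credential list --id "$app_id" --query "[].endDateTime" --output tsv |
    while read -r end; do echo "secret ends $end: $(expiry_status "$end")"; done
}
```

Source the file and call `audit_sp "$ACR_NAME" "$SERVICE_PRINCIPAL_NAME"`; a `RENEW` or `EXPIRED` line means the password stored in the Mend integration should be rotated.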
Set up your private ACR configuration in the Mend Application
Within the Mend Application, navigate to the Cloud Native UI:
Navigate to the Integrations dashboard:
Click on + Add registry:
The “Add registry?” pop-up wizard appears. Select Azure Container Registry for the Registry Type setting to start the configuration setup for ACR.
Fill out the configuration with your ACR information. For more information on the parameters provided, refer to the Private ACR parameters section within this document:
Once you have finished filling out the configuration, scroll to the bottom of the wizard and click on Add to add your private ACR to the registry integration:
The Registry Added Successfully pop-up message displays once the integration credentials and configuration have been successfully verified:
Note: Before adding your registry, we will automatically perform a connectivity check to ensure the credentials are valid and the registry is accessible for the integration.
Reference
Private ACR parameters
Parameter | Description |
---|---|
Display Name | Type the name of your registry. This will be displayed in the Integrations dashboard. |
Description | Optional. Provide any text. We recommend providing information that will help you remember the integration and the relevant registry. |
Registry URL | Provide your ACR URL. The format of the URL typically looks like: |
Environments | Select the type of environment of your private ACR (multiple options can be selected). The environment options are: |
Access Method | Select |
Service Principal ID | Provide your Azure service principal ID. |
Service Principal Password | Provide your Azure service principal password. |