Configure your private Microsoft Azure Container Registry (ACR) in the Mend Platform

Overview

The Mend container image registry scanning solution can integrate with your private ACR using an Azure Active Directory (AD) service principal that you provide.

Getting it done

Prerequisites before you scan ACR with Mend Container

  • Your Mend user must be an organization administrator.

  • Your Azure AD service principal must have the necessary access to the ACR you wish to integrate. See the ACR authentication setup section of this document for instructions.

ACR authentication setup

To properly integrate Mend with your ACR, you will need to provide your service principal’s username and password for authentication:

  1. Log in to your Azure account or use the Azure CLI.

  2. In Azure, create a new service principal. More information on how to do this can be found in Azure's documentation: Azure Container Registry authentication with service principals.

  3. During creation, add the following permission to your service principal: acrpull.
    This allows the service principal to docker pull any image that has not been quarantined from the relevant registry. More information on the acrpull permission can be found in the ACR repository’s documentation: ACR Roles & Permissions

  4. Once your service principal is created, obtain its username and password via the Azure CLI. We’ve provided an example of how to accomplish this from Azure’s documentation below:

    ## Azure documentation example ##
    
    # Set these to your registry name and the name for the new service principal.
    ACR_NAME="$containerRegistry"
    SERVICE_PRINCIPAL_NAME="$servicePrincipal"
    
    # Full resource ID of the registry; used as the scope of the role assignment.
    ACR_REGISTRY_ID=$(az acr show --name "$ACR_NAME" --query "id" --output tsv)
    
    # Create the service principal with the acrpull role on that registry only.
    PASSWORD=$(az ad sp create-for-rbac --name "$SERVICE_PRINCIPAL_NAME" --scopes "$ACR_REGISTRY_ID" --role acrpull --query "password" --output tsv)
    USER_NAME=$(az ad sp list --display-name "$SERVICE_PRINCIPAL_NAME" --query "[].appId" --output tsv)
    
    echo "Service principal ID: $USER_NAME"
    echo "Service principal password: $PASSWORD"

Congratulations! You are now ready to integrate your private ACR within the Mend Platform.
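To confirm that the service principal created above holds only acrpull on the one registry, the following added example (not part of Mend's or Azure's documentation) audits its role assignments. It assumes the assignments are exported with `az role assignment list` as shown in the comment; the function name and the sample IDs are constructed for illustration.

```shell
#!/bin/sh
# audit_assignments REGISTRY_ID
# stdin: "role<TAB>scope" lines, e.g. from
#   az role assignment list --assignee "$USER_NAME" --all \
#     --query "[].[roleDefinitionName, scope]" --output tsv
# Prints one finding per line; exit status is 0 only if the principal holds
# AcrPull on REGISTRY_ID and nothing else.
audit_assignments() (
  want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
  tab=$(printf '\t')
  findings=0
  seen_pull=0
  while IFS="$tab" read -r role scope; do
    [ -n "$role" ] || continue
    # Compare case-insensitively: the page writes the role as acrpull,
    # Azure displays it as AcrPull, and resource IDs vary in case.
    r=$(printf '%s' "$role" | tr '[:upper:]' '[:lower:]')
    s=$(printf '%s' "$scope" | tr '[:upper:]' '[:lower:]')
    if [ "$r" = "acrpull" ] && [ "$s" = "$want" ]; then
      seen_pull=1
    elif [ "$r" = "acrpull" ]; then
      echo "BROAD_SCOPE: AcrPull at $scope"
      findings=$((findings + 1))
    else
      echo "EXTRA_ROLE: $role at $scope"
      findings=$((findings + 1))
    fi
  done
  if [ "$seen_pull" -eq 0 ]; then
    echo "MISSING: no AcrPull on $1"
    findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
)

# Constructed sample input (not real Azure output): the expected assignment
# plus an over-broad Contributor grant at subscription scope.
SAMPLE_SUB="/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE_REGISTRY_ID="$SAMPLE_SUB/resourceGroups/example-rg/providers/Microsoft.ContainerRegistry/registries/exampleregistry"
printf 'AcrPull\t%s\nContributor\t%s\n' "$SAMPLE_REGISTRY_ID" "$SAMPLE_SUB" |
  audit_assignments "$SAMPLE_REGISTRY_ID" || echo "Review the findings above."
```
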

Note: By default, the Azure service principal’s password is valid for one year. Make sure you renew this password to keep your ACR integration with Mend up and running.
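An added example (not from Mend's or Azure's documentation) that flags a service principal password nearing the one-year expiry described in the note. It assumes the password appears in `az ad app credential list` with an `endDateTime` field; the function names, the 30-day threshold and the sample dates are constructed for illustration.

```shell
#!/bin/sh
# iso_to_days YYYY-MM-DD[Thh:mm:ssZ] -> days since 1970-01-01 (date part
# only). Pure shell arithmetic, so it does not depend on GNU or BSD date.
iso_to_days() (
  ymd=${1%%T*}
  y=${ymd%%-*}; rest=${ymd#*-}
  m=${rest%%-*}; d=${rest#*-}
  m=${m#0}; d=${d#0}                  # avoid octal parsing of 08 and 09
  y=$((y - (m <= 2)))                 # count Jan/Feb with the previous year
  era=$((y / 400)); yoe=$((y - era * 400))
  doy=$(( (153 * ((m + 9) % 12) + 2) / 5 + d - 1 ))
  echo $(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
)

# credential_status TODAY WARN_DAYS
# stdin: one endDateTime per line, e.g. from
#   az ad app credential list --id "$USER_NAME" \
#     --query "[].endDateTime" --output tsv
# Prints "<state> <days_left> <endDateTime>" per credential and returns
# non-zero if any credential is EXPIRED or within WARN_DAYS of expiry.
credential_status() (
  today=$(iso_to_days "$1"); warn=$2; bad=0
  while read -r end; do
    [ -n "$end" ] || continue
    left=$(( $(iso_to_days "$end") - today ))
    if [ "$left" -lt 0 ]; then state=EXPIRED
    elif [ "$left" -le "$warn" ]; then state=RENEW_SOON
    else state=OK
    fi
    [ "$state" = OK ] || bad=1
    echo "$state $left $end"
  done
  [ "$bad" -eq 0 ]
)

# Constructed sample (not real Azure output), evaluated as of 2025-01-15.
printf '%s\n' 2025-02-01T00:00:00Z 2025-12-31T00:00:00Z 2024-12-01T00:00:00Z |
  credential_status 2025-01-15 30 || echo "Renew the flagged credentials."
```

Run from a scheduled job with `"$(date -u +%Y-%m-%d)"` as TODAY, the non-zero exit status can drive an alert before the Mend integration loses access.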

Set up your private ACR configuration via the Mend Platform UI

  1. In the Mend Platform UI, navigate to Integrations.

  2. Scroll down to the ‘Registries’ section and click ‘Microsoft Azure ACR’.

The Setup Wizard

Step 1 - Fill in the General Details fields:

a. Display Name
b. Description (optional)
c. Registry URL
d. Environment (multi-selection is supported)
Click the button at the bottom right to move on to Step 2 - Authentication.


Step 2 - Fill in the Authentication information

a. Service Principal ID
b. Service Principal Password
Click the button at the bottom right to move on to Step 3 - Configuration.

Step 3 - Fill in the Configuration information to define your scan schedule

a. Scan Time
b. Frequency
Scheduling image registry scans is crucial for maintaining the security and integrity of your container images. By default, a scan interval of 7 days will be applied. You can change the scan interval in 1-day increments or select specific days of the week when you wish for scans to be executed.

Click the button at the bottom right to move on to Step 4 - Summary, to view the summary of your setup as a final step before adding your registry.

Step 4 - Summary

In this step, the summary of your input from steps 1-3 will be displayed. You can go back to the previous screens of the wizard to make changes by clicking the ‘Back’ button at the bottom right corner of the screen. If you wish to confirm your configuration and add your registry, click the ‘Done’ button.

A Registry Added Successfully message will pop up at the bottom-left corner of the user interface once the integration credentials and configuration have been verified.

Note: Before adding your registry, a connectivity check will be performed automatically to ensure the credentials are valid and the registry is accessible for the integration.

Reference

Private ACR parameters

| Parameter | Description |
| --- | --- |
| Display Name | Type the name of your registry. This will be displayed in the Integrations dashboard. |
| Description | Optional. Provide any text. We recommend providing information that will help you remember the integration and the relevant registry. |
| Registry URL | Provide your ACR URL. The format of the URL typically looks like: `https://<yourregistryname>.azurecr.io` |
| Environment | Select the type of environment of your private ACR (multiple options can be selected). The environment options are: Production, Dev, QA, Staging. |
| Service Principal ID | Provide your Azure service principal ID. |
| Service Principal Password | Provide your Azure service principal password. |
