Scan your Private Image Registries with Mend Container

Overview

Once your private registry integration scan is completed, the Mend Platform UI will be updated with the results, under → Integrations → My Integrations.

Getting it done

My Integrations dashboard

Your list of image registries is accessible via the My Integrations dashboard.

Note: Within the Mend Platform UI, the scope of images that are scanned with the Image Registry integration is automatically set to:

Application: The image’s registry display name
Project: The image’s repository name

Actions

When you select an image registry or multiple registries in the My Integrations table, 2 buttons will appear at the top-right corner of the screen, next to the View Catalog button: Delete and Scan Now.

The Scan Now button allows you to scan your selected private registry on command.

Note that including a system-managed registry in your selection will disable this option.

To review your scan results, visit the Review Top Risky Container Image Scan Results page.

The Delete button deletes the selected registry or registries.

Before deleting a registry, a pop-up window will appear to confirm the deletion. Type ‘DELETE’ (all caps) at the designated field (1) and then click ‘Delete’ (2), to delete the registry.

The deletion process can be performed in bulk. If you have multiple registries selected, they will all be listed in the deletion menu:

NOTE: Both actions can also be performed on a single registry by selecting it in the My Integrations table and clicking the 3-dot menu at the right edge of the screen:

My Integrations dashboard - Table Columns

Parameter	Description
Display Name	The name of the registry as applied during configuration.
Registry Type	The registry platform. The available values are: `AWS ECR` `Azure Container Registry` `Docker Hub` `JFrog Artifactory`
Registry Access	The accessibility of the registry. The available values are: `Private`: a private registry instance, connected by an integration. `Public/Manual`: an auto-detected public registry or a registry detected by a manual scan.
Scan Status	The current status of the registry scan. The available values are: `In Progress` - The integration is currently scanning your registry. While hovering over the `In Progress` status, you can see a message that shows the number of images that have been scanned and what images are in queue. The message states: “`Registry scan in progress, X out of Y images were scanned.`" `Completed` - (Green) The integration has completed the scan on your registry. `Outdated` - Registry hasn’t been scanned in the last 7 days → Scan is outdated. `Not Completed` - (Orange) Scan was not completed, only X out of Y images were scanned System-Managed Note: Statuses are only available for private registry scans.
Environment	The label applied to the registry during configuration. The available values are: `Production` `Dev` `QA` `Staging` Note: Labels are only applicable to private registries.
Last Scan Date	The date and time of the last completed scan on the registry. The format of the last scan date is `MM/DD/YY 00:00 AM/PM`.
Assigned User	The service account that is performing the various actions on the selected registry (e.g. scan) This account needs to have admin permissions in the system to create new scopes. In case this user does not have admin permissions for some reason, registry scans might fail.
Actions	Available options to conduct on the selected registry. The available options are: `Scan Now` - (Private registries only) Trigger a scan on the selected private registry `Delete` - Delete the selected registry

Scanner Limitations by using Registry Integration

Scans of Tar files that are larger than 900MB will fail, and an error message will be shown in the Mend UI to indicate that the image should be scanned locally with the CLI.
Fail reason: File size exceeds the limit in service scanner, need to scan via cli

This is due to potential memory limitations with the service scanners.