# Managing Registry Settings: Immutability and Vulnerability Scanning

The **Settings** tab in Ace Container Registry allows you to configure two critical security features: **immutability rules** and **vulnerability scanning**. These settings help ensure the security and integrity of your container images.

## Accessing the Settings Tab

1. Log in to the AceCloud Console.
2. Select your Project and Region.
3. Navigate to Container Registry.
4. Click Overview.
5. Select the Settings tab.

## Configuring Vulnerability Scanning

1. Locate the Vulnerability Scanning section.
2. Check the Enable Vulnerability Scanning box.

   a. When enabled, each newly pushed image is automatically scanned for known security issues.

3. Save the settings.

{% hint style="info" %}
Tip: Regularly review scan results in the **Repositories** tab to track vulnerabilities and remediation needs.
{% endhint %}

## Configuring Immutability Rules

Immutability ensures that once a tag is pushed, it cannot be overwritten. This prevents accidental or malicious overwrites of critical images.

### Steps to Configure Immutability Rules

1. In the **Settings** tab, go to **Immutability Rules**.
2. Click **Create Rule**.
3. Define the conditions for immutability:

   a. **Repository Matching**: Specify the repositories where the rule applies.

   b. **Tag Matching / Excluding**: Define tag patterns that should be protected.

### Pattern Matching Syntax (Harbor Style)

* Use `*` to match any sequence of characters within a single path level.
  * Example: `frontend-*` matches `frontend-api`, `frontend-ui`.
* Use `**` to match recursively across multiple path levels.
  * Example: `**/release` matches `prod/release`, `dev/backend/release`.

4. Save the rule.
5. The rule will now enforce immutability on matching repositories/tags.
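
To preview which images a rule would protect before creating it, the following added example (not AceCloud or Harbor code) implements the two wildcards as described above and evaluates a rule over a constructed image list. The rule field names (`repositories`, `tag_mode`, `tags`) are hypothetical, and treating `**/` as also matching zero levels is an assumption.

```python
import re

def glob_to_regex(pattern: str) -> re.Pattern:
    """Translate a pattern using `*` and `**` into an anchored regex."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:.*/)?")   # assumption: zero or more leading levels
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")         # crosses "/" boundaries
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")      # stays inside one path level
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out))

def matches(pattern: str, name: str) -> bool:
    return glob_to_regex(pattern).fullmatch(name) is not None

def is_immutable(rule: dict, repository: str, tag: str) -> bool:
    """True if the rule would block overwriting repository:tag."""
    if not matches(rule["repositories"], repository):
        return False
    hit = matches(rule["tags"], tag)
    # "matching" protects tags that fit the pattern, "excluding" protects the rest
    return hit if rule["tag_mode"] == "matching" else not hit

def preview(rule: dict, images: list) -> list:
    return [(r, t) for r, t in images if is_immutable(rule, r, t)]

# Constructed sample data, not taken from any real registry
RULE = {"repositories": "frontend-*", "tag_mode": "excluding", "tags": "dev-*"}
SAMPLE_IMAGES = [
    ("frontend-api", "v1.2.0"),
    ("frontend-ui", "dev-42"),         # excluded tag pattern: stays mutable
    ("team/frontend-api", "v1.2.0"),   # nested repo: `*` does not cross "/"
    ("backend", "v3.0.0"),
]

if __name__ == "__main__":
    for repo, tag in preview(RULE, SAMPLE_IMAGES):
        print(f"immutable: {repo}:{tag}")
```

Note that `frontend-*` leaves `team/frontend-api` unprotected; a repository pattern such as `**/frontend-*` would be needed to cover nested paths under these semantics.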

## Important Notes

{% hint style="warning" %}

* Immutability + Replication: Combine immutability rules with replication rules for secure, consistent image management.
* Scanning Performance: Enabling vulnerability scanning may add processing overhead, but it significantly improves security posture.
* One Registry Per Project/Region: Remember that each project can only have one registry per region.
{% endhint %}

