Managing Registry Settings: Immutability and Vulnerability Scanning

The Settings tab in Ace Container Registry allows you to configure two critical security features: immutability rules and vulnerability scanning. These settings help ensure the security and integrity of your container images.

Accessing the Settings Tab

  1. Log in to the AceCloud Console.

  2. Select your Project and Region.

  3. Navigate to Container Registry.

  4. Click Overview.

  5. Select the Settings tab.

Configuring Vulnerability Scanning

  1. Locate the Vulnerability Scanning section.

  2. Check the Enable Vulnerability Scanning box.

     a. When enabled, each newly pushed image is automatically scanned for known security issues.

  3. Save the settings.

Tip: Regularly review scan results in the Repositories tab to track vulnerabilities and remediation needs.

Configuring Immutability Rules

Immutability ensures that once a tag is pushed, it cannot be overwritten. This prevents accidental or malicious overwrites of critical images.

Steps to Configure Immutability Rules

  1. In the Settings tab, go to Immutability Rules.

  2. Click Create Rule.

  3. Define the conditions for immutability:

     a. Repository Matching: Specify the repositories where the rule applies.

     b. Tag Matching / Excluding: Define tag patterns that should be protected.

Pattern Matching Syntax (Harbor Style)

  • Use * to match any sequence of characters in a single level.

    • Example: frontend-* matches frontend-api, frontend-ui.

  • Use ** to match recursively across multiple levels.

    • Example: **/release matches prod/release, dev/backend/release.

  4. Save the rule.

  5. The rule will now enforce immutability on matching repositories/tags.
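
To check a planned rule set before saving it, the pattern syntax above can be modelled offline and run against a list of repository/tag pairs to see which would remain overwritable. This is an added example, not AceCloud or Harbor code: the Rule class, function names and sample data are hypothetical, and it assumes that "**/" also matches zero levels and that Excluding protects every tag that does not match the pattern.

```python
import re
from dataclasses import dataclass

def glob_to_regex(pattern):
    """Translate * (single level) and ** (multiple levels) into a regex."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**/", i):
            out.append("(?:[^/]+/)*")   # assumed: zero or more whole levels
            i += 3
        elif pattern.startswith("**", i):
            out.append(".*")            # any characters, including "/"
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")         # any characters within one level
            i += 1
        else:
            out.append(re.escape(pattern[i]))
            i += 1
    return re.compile("".join(out))

def glob_match(pattern, name):
    return glob_to_regex(pattern).fullmatch(name) is not None

@dataclass
class Rule:  # hypothetical model of one immutability rule
    repo_pattern: str
    tag_pattern: str
    exclude_tags: bool = False  # assumed: True protects tags that do NOT match

def is_immutable(rules, repo, tag):
    """True if at least one rule protects repo:tag from being overwritten."""
    return any(
        glob_match(r.repo_pattern, repo)
        and glob_match(r.tag_pattern, tag) != r.exclude_tags
        for r in rules
    )

def unprotected(rules, images):
    """Return the (repo, tag) pairs that no rule makes immutable."""
    return [(repo, tag) for repo, tag in images if not is_immutable(rules, repo, tag)]

# Constructed sample rules and image inventory
RULES = [Rule("frontend-*", "v*"), Rule("**/release", "dev-*", exclude_tags=True)]
IMAGES = [
    ("frontend-api", "v1.4.2"),               # protected by the first rule
    ("frontend-ui", "latest"),                # tag does not match v*
    ("team/frontend-api", "v2.0"),            # * does not cross a "/" level
    ("prod/release", "2024.06"),              # protected: tag is not dev-*
    ("dev/backend/release", "dev-snapshot"),  # dev-* tags are left mutable
]

if __name__ == "__main__":
    for repo, tag in unprotected(RULES, IMAGES):
        print(f"still mutable: {repo}:{tag}")
```

Any pair this reports can still be overwritten by a later push, so tags that deployments pull by name should not appear in its output.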

Important Notes
