GitHub Container Registry

You can now integrate your Github Container Registry with Aikido to scan your containers for known vulnerabilities.

Follow the simple steps below to activate this feature:

Step 1: Log into your Github account to gather some data.

We'll have to gather your username (see screenshot)

Step 2: Copy the organisation name where the container registry resides. This is visible in the github-url (see screenshot)

Step 3: Under profile settings, developer settings, Personal access tokens, Tokens (classic), generate a new classic token for Aikido

(direct link: https://github.com/settings/tokens).

the scope includes: read:packages

Step 4: Enter the collected data in Aikido (direct link: https://app.aikido.dev/settings/container-image-registry/add/github)

Step 5: Aikido will now find all container repositories you can access and list them.

Step 6: Repositories can be linked to a code repository in order to perform better deduplication of findings. This step is optional!

Step 7: In the action menu next to the registry, click 'scan repos in registry' to get started. Results will appear in the Feed!

Set Up GitHub Container Registry Scanning →

Discover Integration Details →