You can now integrate your GCP Container Registry with Aikido to scan your containers for known vulnerabilities.
Follow the simple steps below to activate this feature:
Create a service account
First, you need to create a service account in GCP's 'IAM & Admin' console. The service account needs to have been assigned the Container Registry Service Agent role.
Create a key for the service account
Once the service account is created, you need to create a key for this account which Aikido can use to access the containers. Navigate to the service account's details from the overview by clicking on the name, and then selecting the
On this tab, click on ADD KEY and create a new JSON key. When the key is created, it will automatically download a JSON file with the key contents. You need to provide the key contents in the next step.
Connect the registry in Aikido
Now that you have created the service account and obtained the key, you can connect the registry in Aikido. Start by going to Aikido's container overview page. Click on Connect registry and select GCP Container Registry from the list of registries.
On this page, you first need to enter the project ID from GCP where the Container Registry is hosted, and then you can upload the JSON key file you obtained in the previous step. Aikido will store this key encrypted in a secure place and use it to scan the images.
Once the registry is connected, we'll look for the repositories in your Container Registry, after which you can start scanning the ones you want.
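A pre-upload check of the downloaded JSON key, added here as an example (not Aikido's or Google's code): it confirms the file is a service account key for the project ID you are about to enter and that other local users cannot read it. It assumes the service account was created in the project that hosts the registry; `check_key`, `check_key_file` and the sample values are hypothetical.

```python
import json
import os
import stat

# Fields of a GCP service account JSON key that this check relies on.
REQUIRED = ("type", "project_id", "private_key_id", "private_key", "client_email")


def check_key(key: dict, expected_project_id: str) -> list:
    """Return the problems found in a parsed service account key."""
    problems = [f"missing field: {f}" for f in REQUIRED if not key.get(f)]
    # A file of type "authorized_user" holds user credentials, not a service account key.
    if key.get("type") != "service_account":
        problems.append(f"type is {key.get('type')!r}, expected 'service_account'")
    # Assumption: the service account lives in the project that hosts the registry.
    if key.get("project_id") != expected_project_id:
        problems.append(f"key is for project {key.get('project_id')!r}, not {expected_project_id!r}")
    # User-created service accounts end in .iam.gserviceaccount.com; default
    # compute/App Engine accounts do not and usually carry broader roles.
    if not (key.get("client_email") or "").endswith(".iam.gserviceaccount.com"):
        problems.append("client_email is not a user-created service account")
    if "BEGIN PRIVATE KEY" not in (key.get("private_key") or ""):
        problems.append("private_key is not a PEM private key")
    return problems


def check_key_file(path: str, expected_project_id: str) -> list:
    """Check file permissions first, then the key contents."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"file mode {oct(mode)} exposes the key to other users; use 0o600")
    with open(path, encoding="utf-8") as fh:
        problems += check_key(json.load(fh), expected_project_id)
    return problems


# Constructed sample key: every value is a placeholder, not a real credential.
SAMPLE_KEY = {
    "type": "service_account",
    "project_id": "example-project",
    "private_key_id": "0000000000000000",
    "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
    "client_email": "registry-scanner@example-project.iam.gserviceaccount.com",
}

if __name__ == "__main__":
    print(check_key(SAMPLE_KEY, "example-project") or "key looks consistent")
```

Once the upload succeeds, delete the local copy of the key file, since it is a long-lived credential.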
Aikido also supports the scanning of your containers hosted in GCP's Artifact Registry. You can find those instructions here.