Creating a Container Image Scan Recipe

Create a container image scan recipe.

Important

  • Before you begin, review the policies documentation for Vulnerability Scanning. See Required IAM Policies for Scanning.
  • After you create an OCI agent or Qualys agent Compute scan recipe, don't edit that recipe to switch agents. Create another recipe instead.
  • To create a container image scan recipe, complete the following steps:

    1. Open the navigation menu and click Identity & Security. Under Scanning, click Scan Recipes.
    2. Open the Create scan recipe panel in one of the following ways:
      • If no scan recipes exist, the Welcome page is displayed, which includes an introduction to the service. Click Create scan recipe, select the compartment in which you want to create the recipe, and then select the Container image type.
      • If scan recipes exist, select the compartment in which you want to create the recipe, click the Container image tab, and then click Create.
    3. Verify that the recipe type is Container image.
    4. Enter a name for the recipe.

      Avoid entering confidential information.

    5. (Optional) Enter the number of container images (1-4) to scan when a target is created using this recipe.

      When a target is created, the Vulnerability Scanning service scans a specified initial number of images in the target repositories (one image by default). After this initial scan, the service also scans any new image that's pushed to the target.

    6. (Optional) Click Show advanced options to assign tags to the recipe.

      If you have permissions to create a resource, you also have permissions to add free-form tags to that resource.

      To add a defined tag, you must have permissions to use the tag namespace.

      For more information about tagging, see Resource Tags. If you're not sure if you should add tags, skip this option or ask your administrator. You can add tags later.

    7. Save the recipe using one of the following methods:
      • Click Create scan recipe to create the recipe in the Vulnerability Scanning service.
      • Click Save as stack to manage the stack through the Resource Manager service. On the Save as stack window, complete the fields, and then click Save. For more information about stacks, see Managing Stacks.

    After creating a recipe, you can create scan targets and associate them with the recipe. See Creating a Container Image Target.

  • Use the oci vulnerability-scanning container scan recipe create command and required parameters to create a new container scan recipe:

    oci vulnerability-scanning container scan recipe create --display-name <name> --compartment-id <compartment_ocid> --scan-settings '{"scanLevel": "STANDARD"}'

    For example:

    oci vulnerability-scanning container scan recipe create --display-name MyRecipe --compartment-id ocid1.compartment.oc1..exampleuniqueID --scan-settings '{"scanLevel": "STANDARD"}'

    For a complete list of flags and variable options for CLI commands, see the Command Line Reference.

  • Run the CreateContainerScanRecipe operation to create a new container scan recipe.