Creating a Container Image Target
Create a container image scan target.
- At least one container image scan recipe must be in the tenancy before creating a target. See Container Image Scan Recipes.
- Give the Vulnerability Scanning service permission to pull images from Container Registry before creating a target. See Required IAM Policy for Image Scanning Recipes.
To create a container image target, complete the following steps:
After creating a target, Vulnerability Scanning checks the images in the selected repositories for security vulnerabilities. You can view the results of these scans in the following reports:
You can also use Cloud Guard to view the results of the scans. See Scanning with Cloud Guard.
Use the oci vulnerability-scanning container scan target create command and required parameters to create a new container scan target:
oci vulnerability-scanning container scan target create --display-name <name> --compartment-id <create_in_compartment_ocid> --container-scan-recipe-id <recipe_ocid> --target-registry '{"type": "OCIR", "url": "https://<region_key>.ocir.io", "compartmentId": "<repository_compartment_ocid>", "repositories": ["<repository_name>"]}'
- <region_key> is the key for the Container Registry region that you're using. See Availability by Region.
- For repositories, you can provide a list of repository names. If repositories isn’t specified, then all repositories in the compartment are scanned.
For example:
oci vulnerability-scanning container scan target create --display-name "MyTarget" --compartment-id ocid1.compartment.oc1..exampleuniqueID --container-scan-recipe-id ocid1.vsscontainerscanrecipe.oc1..exampleuniqueID --target-registry '{"type": "OCIR", "url": "https://syd.ocir.io", "compartmentId": "ocid1.compartment.oc1..exampleuniqueID", "repositories": ["myrepo"]}'
For a complete list of flags and variable options for CLI commands, see the Command Line Reference.
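The following wrapper is an added example, not part of Oracle's documentation or CLI. It builds the --target-registry JSON from validated arguments and leaves out the repositories key when no names are passed, so the scope of the scan is explicit; the function names and the character-set checks are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not Oracle's code): build and validate --target-registry.

# build_target_registry REGION_KEY REPO_COMPARTMENT_OCID [REPOSITORY...]
# Prints the JSON on stdout; returns 1 if any value is rejected.
build_target_registry() {
  local LC_ALL=C region_key=$1 compartment=$2 json repo sep=""
  shift 2
  # Assumption: region keys are lowercase letter codes such as "syd".
  case $region_key in
    ""|*[!a-z]*) echo "bad region key: $region_key" >&2; return 1 ;;
  esac
  # Assumption: OCIDs start with "ocid1." and use only these characters.
  case $compartment in
    *[!A-Za-z0-9._-]*) echo "bad OCID: $compartment" >&2; return 1 ;;
    ocid1.*) ;;
    *) echo "not an OCID: $compartment" >&2; return 1 ;;
  esac
  json="{\"type\": \"OCIR\", \"url\": \"https://${region_key}.ocir.io\""
  json="$json, \"compartmentId\": \"$compartment\""
  # Emit "repositories" only when names were given; leaving the key out
  # means every repository in the compartment is scanned.
  if [ "$#" -gt 0 ]; then
    json="$json, \"repositories\": ["
    for repo in "$@"; do
      # Assumption: conservative character set for repository names.
      case $repo in
        ""|*[!a-z0-9._/-]*) echo "bad repository: $repo" >&2; return 1 ;;
      esac
      json="$json$sep\"$repo\""
      sep=", "
    done
    json="$json]"
  fi
  printf '%s}\n' "$json"
}

# create_scan_target NAME COMPARTMENT_OCID RECIPE_OCID REGION_KEY
#                    REPO_COMPARTMENT_OCID [REPOSITORY...]
create_scan_target() {
  local name=$1 compartment=$2 recipe=$3 registry
  shift 3
  registry=$(build_target_registry "$@") || return 1
  [ "$#" -gt 2 ] || echo "warning: no repositories listed, scanning all in $2" >&2
  oci vulnerability-scanning container scan target create \
    --display-name "$name" --compartment-id "$compartment" \
    --container-scan-recipe-id "$recipe" --target-registry "$registry"
}
```

Source the file and call create_scan_target with the same values as the example command; a rejected value stops the call before the oci command runs.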
- Run the CreateContainerScanTarget operation to create a new container scan target.