Red Hat Advanced Cluster Security for Kubernetes (RHACS) integrates with various vulnerability scanners to enable you to import your container images and monitor them for vulnerabilities. You can set up Red Hat Advanced Cluster Security for Kubernetes to obtain image vulnerability data from many open-source and commercial container image vulnerability scanners, including:

If you are using one of these products in your DevOps workflow, you can use the RHACS portal to configure a connection with Red Hat Advanced Cluster Security for Kubernetes. Once integrated, your image vulnerabilities are surfaced in the RHACS portal and you can triage them easily.

Integrating with Anchore scanner

You can integrate Red Hat Advanced Cluster Security for Kubernetes with Anchore scanner.

Prerequisites
  • You have an Anchore scanner username and password for authentication.

Procedure
  1. On the RHACS portal, navigate to Platform ConfigurationIntegrations.

  2. Under the Image Integrations section, select Anchore Scanner. The Configure Anchore scanner image integration modal box opens.

  3. Click New Integration.

  4. Enter the details for the following fields:

    1. Integration Name: The name of the integration.

    2. Types: Select Scanner.

    3. Endpoint: The address of the scanner.

    4. Username and Password.

  5. Select Test (checkmark icon) to test that the integration is working.

  6. Select Create (save icon) to create the configuration.

Integrating with Clair

You can integrate Red Hat Advanced Cluster Security for Kubernetes with Clair for the static analysis of vulnerabilities in your images.

Procedure
  1. On the RHACS portal, navigate to Platform ConfigurationIntegrations.

  2. Under the Image Integrations section, select Clair. The Configure Anchore scanner image integration modal box opens.

  3. Click New Integration.

  4. Enter the details for the following fields:

    1. Integration Name: The name of the integration.

    2. Types: Select Scanner.

    3. Endpoint: The address of the scanner.

  5. Select Test (checkmark icon) to test that the integration is working.

  6. Select Create (save icon) to create the configuration.

Integrating with Docker Trusted Registry scanner

You can integrate Red Hat Advanced Cluster Security for Kubernetes with Docker Trusted Registry for scanning images.

Prerequisites
  • You must have a username and a password for authentication with the Docker Trusted Registry.

Procedure
  1. On the RHACS portal, navigate to Platform ConfigurationIntegrations.

  2. Under the Image Integrations section, select Docker Trusted Registry.

    The Configure image integration modal box opens.

  3. Click New Integration.

  4. Enter the details for the following fields:

    1. Integration Name: The name of the integration.

    2. Types: Select Scanner.

    3. Endpoint: The address of the registry.

    4. Username and Password.

  5. Select Test (checkmark icon) to test that the integration with the selected registry is working.

  6. Select Create (save icon) to create the configuration.

Integrating with Google Container Registry

You can integrate Red Hat Advanced Cluster Security for Kubernetes with Google Container Registry (GCR) for container analysis and vulnerability scanning.

Prerequisites
  • You must have a service account key for the Google Container Registry.

  • The associated service account has access to the registry. See Configuring access control for information about granting users and other projects access to GCR.

  • If you are using GCR Container Analysis, you have granted the following roles to the service account:

    • Container Analysis Notes Viewer

    • Container Analysis Occurrences Viewer

    • Storage Object Viewer

Procedure
  1. On the RHACS portal, navigate to Platform ConfigurationIntegrations.

  2. Under the Image Integrations section, select Google Container Registry.

    The Configure image integration modal box opens.

  3. Click New Integration.

  4. Enter the details for the following fields:

    1. Integration Name: The name of the integration.

    2. Types: Select Scanner.

    3. Registry Endpoint: The address of the registry.

    4. Project: The Google Cloud project name.

    5. Service Account Key (JSON) Your service account key for authentication.

  5. Select Test (checkmark icon) to test that the integration with the selected registry is working.

  6. Select Create (save icon) to create the configuration.

Integrating with Quay Container Registry

You can integrate Red Hat Advanced Cluster Security for Kubernetes with Quay Container Registry for scanning images.

Prerequisites
  • You must have an OAuth token for authentication with the Quay Container Registry.

Procedure
  1. On the RHACS portal, navigate to Platform ConfigurationIntegrations.

  2. Under the Image Integrations section, select Quay Container Registry.

    The Configure image integration modal box opens.

  3. Click New Integration.

  4. Fill in the required details for:

    1. Integration Name: The name of the integration.

    2. Types: Select Scanner.

    3. Endpoint: The address of the registry.

    4. OAuth Token: The OAuth token for Quay Container Registry.

  5. Select Test (checkmark icon) to test that the integration with the selected registry is working.

  6. Select Create (save icon) to create the configuration.

Integrating with Tenable

You can integrate Red Hat Advanced Cluster Security for Kubernetes with Tenable for scanning images.

Prerequisites
  • You must have a Tenable access key and a secret key for authentication.

Procedure
  1. On the RHACS portal, navigate to Platform ConfigurationIntegrations.

  2. Under the Image Integrations section, select Tenable. The Configure Anchore scanner image integration modal box opens.

  3. Click New Integration.

  4. Enter the details for the following fields:

    1. Integration Name: The name of the integration.

    2. Source Inputs: Select Scanner.

    3. Access Key: The access key for Tenable.

    4. Secret Key: The secret key for Tenable.

  5. Select Test (checkmark icon) to test that the integration is working.

  6. Select Create (save icon) to create the configuration.