Adding a Vulnerability Scanning Rule for Container Registries

To add a scanning rule:

1. Go to Cloud Posture > Vulnerability Management.
2. On the Vulnerability Management page, select the Scanning Rules tab.
3. Click Create Scan Rule.

See image.

4. Under General:
   • For Scan Rule Name, enter a unique name for the rule.
   • For Vulnerability Scanning Type, select Cloud Container Registries.
   • For Cloud Type, select Amazon Web Services, Microsoft Azure, or Google Cloud Platform.

See image.

5. Click Next.
6. Under Resource Scope:
   1. Select the Age of the Images for Scan from the drop-down menu.

The repositories contain several image tags. You can select specific images that were added or updated during a particular duration (1 month, 3 months, 6 months, 12 months) so the scanning is triggered for images within that duration.

2. Select the Registry from the drop-down menu.
3. Select the Repository from the drop-down menu.
4. (Optional) Enter any additional Image Tags that must be included for scanning.

See image.

7. Click Next.

The Scope Test Result window displays the number of container images or workloads that are included for vulnerability scanning.

See image.

8. Click Accept and Proceed.
9. Under Scan Schedule, select Daily or Weekly to schedule the scan every day or once a week.
10. Select the time when the scan must be triggered.

See image.

10. Click Next.
11. Review the scan rule. Click the Edit icon if you want to make any changes.

See image.

12. Click Finish.

You can view the newly added scan rule on the Vulnerability Management page under Scanning Rules.