Minimum sufficient rights for integration with registries
To integrate with external image registries, a Kaspersky Container Security account must have a certain set of rights, which differs depending on the registry type. The list of the minimum account rights required for integration is given below for each registry type.
GitLab
To integrate the solution with a GitLab user's registry, you should define the parameter values as follows:
- User role in the project or group: Reporter.
- Level of access to the project: Reporter.
- Rights assigned to the user token: read_api, read_registry.
JFrog
To integrate the solution with a JFrog user's registry, you need to define the parameter values as follows:
- User role in the project or group: Manage Reports.
- Project access: Can Update Profile.
- User rights: the right to read any repository (ANY repository).
Harbor
To integrate the solution with a Harbor user's registry, you should define the parameter values as follows:
- Member type: user. To do this, specify User in the Member Type column of the table in the Projects → Members section.
- User role in the project or group: user with limited rights. To do this, you must specify Limited Guest in the Role column of the table in the Projects → Members section.
- User rights: user without administrator rights. To do this, in the Administrator column of the table in the Users section, select No.
Nexus
To integrate the solution with a Nexus user's registry, you should define the parameter values as follows:
- User role in the project or group: user.
- Rights assigned to the user role in the project or group: nx-apikey-all, nx-repository-view-docker-*-browse, nx-repository-view-docker-*-read.
Docker Hub
The solution integrates with a Docker Hub user's registry after authorization using the user name and password.
This Docker Hub registry integration option only applies to a personal namespace.