Kaspersky Container Security

Minimum sufficient rights for integration with registries

To integrate with external image registries, a Kaspersky Container Security account must have a certain set of rights, which differs depending on the registry type. The list of the minimum account rights required for integration is given below for each registry type.

GitLab

To integrate the solution with a GitLab user's registry, you should define the parameter values as follows:

  • User role in the project or group: Reporter.
  • Level of access to the project: Reporter.
  • Rights assigned to the user token: read_api, read_registry.

JFrog Artifactory

To integrate the solution with a JFrog user's registry, you should define the parameter values as follows:

  • User role in the project or group: Manage Reports.
  • Project access: Can Update Profile.
  • User rights: the right to read any repository (ANY repository).

Harbor

To integrate the solution with a Harbor user's registry, you should define the parameter values as follows:

  • Member type: user. To do this, specify User in the Member Type column of the table in the Projects → Members section.
  • User role in the project or group: user with limited rights. To do this, you must specify Guest in the Role column of the table in the Projects → Members section.
  • User rights: user without administrator rights. To do this, you must select No in the Administrator column of the table in the Users section.

Nexus

To integrate the solution with a Nexus user's registry, you should define the parameter values as follows:

  • User role in the project or group: user.
  • Rights assigned to the user role in the project or group: nx-apikey-all, nx-repository-view-docker-*-browse, nx-repository-view-docker-*-read.

Docker Hub

The solution integrates with a Docker Hub user's registry after authorization using the user name and password.

This Docker Hub registry integration option only applies to a personal namespace.

RedHat Quay

To integrate the solution with a RedHat Quay user's registry, the following rights and permissions are required:

  • User permissions for correct operation of the Test Connection functionality: user with the Administer Organization permissions.
  • View all visible repositories permissions.
  • Read/Write to any accessible repositories permissions.

Yandex

To integrate the solution with a Yandex user's registry, you should define the parameter values as follows:

  • User role in the project or group: container-registry.viewer.
  • Permissions given to a user role in a project or group: view container registries.

Amazon Elastic Container Registry

To integrate the solution with an Amazon Elastic Container Registry user's registry, you should define the parameter values as follows:

  • AWS policy for accessing a project or group: AmazonEC2ContainerRegistryReadOnly.
  • Permissions given to a user role in a project or group: view and read.
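
The following check is an added example, not part of the Kaspersky documentation or product. It compares the rights actually granted to an integration account with the minimum sets listed above for GitLab and Nexus and reports anything missing or in excess. The audit function, the MINIMUM table layout, and the sample grants are assumptions constructed for illustration.

```python
from fnmatch import fnmatchcase

# Minimum rights copied from this page: GitLab token scopes and Nexus role privileges.
MINIMUM = {
    "gitlab": {"read_api", "read_registry"},
    "nexus": {
        "nx-apikey-all",
        "nx-repository-view-docker-*-browse",
        "nx-repository-view-docker-*-read",
    },
}


def audit(registry, granted):
    """Compare granted rights with the page's minimum set (hypothetical helper).

    missing: listed rights that are not granted verbatim.
    excess:  granted rights that neither equal a listed right nor fall under
             its '*' pattern, i.e. rights beyond what the page asks for.
    A Nexus privilege scoped to one repository falls under the '*' pattern, so
    it is not excess, but the wildcard form from the page is still reported
    as missing.
    """
    required = MINIMUM[registry]
    granted = set(granted)
    missing = sorted(required - granted)
    excess = sorted(
        g for g in granted
        if not any(fnmatchcase(g, r) for r in required)
    )
    return {"missing": missing, "excess": excess, "ok": not missing and not excess}


if __name__ == "__main__":
    # Constructed sample grants, not taken from a real system.
    samples = [
        ("gitlab", ["api", "read_registry"]),            # full API scope instead of read_api
        ("nexus", sorted(MINIMUM["nexus"])),             # exactly the listed privileges
        ("nexus", sorted(MINIMUM["nexus"]) + ["nx-all"]),  # administrator privilege added
    ]
    for registry, grants in samples:
        print(registry, audit(registry, grants))
```

Feed it the scopes or privileges exported from the registry's own administration interface. A non-empty excess list means the account is broader than integration requires.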