Docker Registries
- Docker Registries are used to store docker images which will be further used for distribution
- Docker Hub is the default registry.
- Docker Hub comes in two flavors
  - public registry
  - private registry
- There are other registries as well
  - Azure Container Registry
  - AWS ECR (Elastic Container Registry)
  - GCR
  - Artifactory (JFrog)
- Registry image names follow this naming convention:
  username/repo:<tag> in Docker Hub, and in other cases it is registryname/repo:<tag>
Pushing image to docker hub repo
- Create a repository
- now build the image locally on your docker host
- now tag the image with the name according to the repo
- now login or enter credentials from docker commandline
  docker login
- Now push the image
- Generally it is a good idea to also have a latest tag on at least one tag
- We have pushed a couple of images
- docker logout will remove credentials
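The naming convention and the tag/push steps above, as an added shell example (not part of the course notes). It assumes a running docker daemon and a prior docker login; the registry hostname, username and image names are constructed placeholders.

```shell
#!/bin/sh
# Added example (not from the course notes): build an image reference that follows
# the naming convention above, then tag and push a locally built image.
# REGISTRY, USERNAME and the sample image names are constructed placeholders.

# image_ref REGISTRY USERNAME REPO [TAG]
#   Docker Hub:  username/repo:tag     (pass an empty REGISTRY)
#   other:       registryname/repo:tag (e.g. myacr.azurecr.io/repo:tag)
#   TAG defaults to "latest" when omitted.
image_ref() {
  registry="$1"; username="$2"; repo="$3"; tag="${4:-latest}"
  if [ -z "$registry" ]; then
    printf '%s/%s:%s\n' "$username" "$repo" "$tag"
  else
    printf '%s/%s:%s\n' "$registry" "$repo" "$tag"
  fi
}

# push_image LOCAL_IMAGE REF [LATEST_REF]
#   Tags the locally built image with the registry-qualified name and pushes it.
#   When LATEST_REF is given, also tags and pushes it so the repo carries a
#   "latest" tag, as the notes recommend. Returns non-zero if any step fails.
push_image() {
  local_image="$1"; ref="$2"; latest_ref="$3"
  docker tag "$local_image" "$ref" || return 1
  docker push "$ref" || return 1
  if [ -n "$latest_ref" ]; then
    docker tag "$local_image" "$latest_ref" || return 1
    docker push "$latest_ref" || return 1
  fi
}

# Usage (run after 'docker login'; 'docker logout' afterwards removes the credentials):
#   docker build -t myapp:1.0 .
#   push_image myapp:1.0 "$(image_ref '' myuser myapp 1.0)" "$(image_ref '' myuser myapp latest)"
#   push_image myapp:1.0 "$(image_ref myacr.azurecr.io '' myapp 1.0)"
```

image_ref only builds the string; push_image is the part that needs the daemon and credentials, so the two can be tested separately in a pipeline.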
Azure Container Registry
- Creation
- Install azure cli
- push the images by tagging with registryurl/reponame (watch classroom video)
Elastic Container Registry
- Watch classroom recording
Vulnerability Scanning of Docker images
- As part of security scanning within the pipeline we have to scan docker images for security issues.
- Security scanning tools will scan the image and Dockerfile for known vulnerabilities. Every known vulnerability has a CVE identifier.
- Tools:
  - opensource/free
    - trivy
    - anchore
    - grype
    - scout (free plan)
  - Paid:
    - anchore (paid)
    - Microsoft Azure Defender for containers
    - AWS
    - JFrog Xray
- Best Practices:
  - Try using a base image with no vulnerabilities
  - Try running your application in the container as a non-root user
  - Prefer using distroless images.
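An added shell example (not from the course notes) that applies the scanning and best-practice points above in a pipeline step: it gates on a trivy scan, checks that a Dockerfile ends up running as a non-root user, and writes a sample Dockerfile on a distroless base. The image names and the sample Dockerfile contents are constructed for illustration; trivy must be installed for scan_image to run.

```shell
#!/bin/sh
# Added example (not from the course notes): pipeline checks for the best practices
# above. Image names and the sample Dockerfile are constructed placeholders.

# scan_image IMAGE
#   Runs trivy and fails (non-zero) when HIGH or CRITICAL CVEs with an available
#   fix are found, so the pipeline stops before the image is pushed.
scan_image() {
  trivy image --exit-code 1 --severity HIGH,CRITICAL --ignore-unfixed "$1"
}

# dockerfile_runs_as_nonroot FILE
#   Returns 0 if the last USER instruction in the Dockerfile names something
#   other than root (or uid 0); returns 1 if there is no USER instruction at all
#   or the final user is root. Only the last USER line matters, because that is
#   the user the container starts with.
dockerfile_runs_as_nonroot() {
  last_user=$(grep -i '^[[:space:]]*USER[[:space:]]' "$1" | tail -n 1 | awk '{print $2}')
  case "$last_user" in
    ''|root|0|root:*|0:*) return 1 ;;
    *) return 0 ;;
  esac
}

# write_sample_dockerfile PATH
#   Constructed sample following the notes: multi-stage build, distroless base
#   image, and a non-root user for the final stage.
write_sample_dockerfile() {
  cat > "$1" <<'EOF'
FROM golang:1.22 AS build
WORKDIR /src
COPY . .
RUN CGO_ENABLED=0 go build -o /app .

FROM gcr.io/distroless/static-debian12:nonroot
COPY --from=build /app /app
USER nonroot:nonroot
ENTRYPOINT ["/app"]
EOF
}

# Usage as a pipeline step (run from the project directory):
#   write_sample_dockerfile Dockerfile
#   dockerfile_runs_as_nonroot Dockerfile || { echo "container would run as root"; exit 1; }
#   docker build -t myapp:1.0 . && scan_image myapp:1.0
```

The Dockerfile check is a cheap lint that catches the non-root rule before the build; the trivy scan is the CVE gate. Both return a non-zero status on failure, which is what a CI stage needs to stop the push.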
