This example will perform a scan against a private image of spring-petclinic located in the registry. The image is publicly available at Docker Hub should you need to upload it to a private registry you have access to.

Define the Resources

Create private-image-example.yaml and ensure you enter a valid docker config.json value in the secret:

apiVersion: v1
kind: Secret
  name: image-secret
  .dockerconfigjson: # ~/.docker/config.json base64 data

kind: ImageScan
  name: private-image-example
    image: ""
  scanTemplate: private-image-scan-template

(Optional) Set Up a Watch

Before deploying, set up a watch in another terminal to see things process which will be quick.

watch kubectl get scantemplates,scanpolicies,sourcescans,imagescans,pods,jobs

For more information, refer to Observing and Troubleshooting.

Deploy the Resources

kubectl apply -f private-image-example.yaml

View the Scan Results

Once the scan has completed, perform:

kubectl describe imagescan private-image-example

and notice the Status.Conditions includes a Reason: JobFinished and Message: The scan job finished.

For more information, refer to Viewing and Understanding Scan Status Conditions.

Clean Up

kubectl delete -f private-image-example.yaml

View Vulnerability Reports

See Viewing Vulnerability Reports section

check-circle-line exclamation-circle-line close-line
Scroll to top icon