How to Configure Azure Container Registry (ACR) for Scanning using Service Key as Authentication method in Prisma Cloud?
Created On 01/24/23 03:29 AM - Last Modified 04/07/23 08:28 AM
Objective
- Configure Azure Container Registry (ACR) for scanning in Prisma Cloud, using Service Key as the authentication method.
Environment
- Prisma Cloud
- Azure Container Registry
Procedure
Step 1 : In the Compute section, go to Manage > Cloud Accounts > Add account.
Step 2 : Select Cloud Provider as Azure.
Step 3 : Select Authentication method as Service key.
Step 4 : Enter the Azure Service Principal key under 'Service Key'. Ensure it is entered in correct JSON format.
NOTE : If the Service Key is not entered correctly, you may run into the following error: 'Azure credentials should be in JSON format'.
- To avoid this error, copy the complete Service Principal output (including the brackets) and save it to a text file.
- Then, copy the contents of the text file and enter it in Step 4.
Reference : AZURE CREDENTIALS SHOULD BE IN JSON FORMAT
NOTE : Ensure the role (--role) given to the Service Key when it was created on Azure is one of the following:
- contributor = Cloud Discovery + Azure Container Registry Scanning + Azure Function Apps Scanning
- reader = Cloud Discovery + Azure Container Registry Scanning
Step 5 : Once done, proceed to Defend > Vulnerabilities > Images > Registry Settings > Add Registry.
Step 6 : Select version as 'Azure Container Registry', add the Registry Address (ends with azurecr.io) and select the Credential created in Steps 1 - 4. Once done, click on Add.
NOTE : Other fields are optional and can be configured as per your business needs and requirements. Once done, you can initiate a Manual Scan.
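A local pre-check for the Service Key text before it is pasted in Step 4, catching the copy and paste problems that lead to the 'Azure credentials should be in JSON format' error. This is an added example, not part of the original article or of Prisma Cloud; the expected field names are an assumption based on the output of `az ad sp create-for-rbac --sdk-auth`, and the sample key is constructed.

```python
import json

# Assumption: field names as emitted by `az ad sp create-for-rbac --sdk-auth`;
# the article does not list which fields Prisma Cloud requires.
EXPECTED_KEYS = ("clientId", "clientSecret", "subscriptionId", "tenantId")
SMART_QUOTES = "\u201c\u201d\u2018\u2019"

# Constructed sample key with placeholder values (not a real credential).
SAMPLE = """{
  "clientId": "00000000-0000-0000-0000-000000000001",
  "clientSecret": "constructed-placeholder-secret",
  "subscriptionId": "00000000-0000-0000-0000-000000000002",
  "tenantId": "00000000-0000-0000-0000-000000000003"
}"""


def check_service_key(text):
    """Return a list of problems in a pasted Service Key (empty list = OK).

    Messages name fields and positions only, never the secret values.
    """
    problems = []
    if text.startswith("\ufeff"):
        problems.append("starts with a byte-order mark (file saved as UTF-8 with BOM)")
        text = text.lstrip("\ufeff")
    if any(ch in text for ch in SMART_QUOTES):
        problems.append("contains typographic (curly) quotes instead of plain double quotes")
    body = text.strip()
    if not (body.startswith("{") and body.endswith("}")):
        problems.append("opening or closing bracket is missing from the copied text")
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        problems.append(f"not valid JSON: {exc.msg} at line {exc.lineno}, column {exc.colno}")
        return problems
    if not isinstance(doc, dict):
        problems.append("top-level value is not a JSON object")
        return problems
    for key in EXPECTED_KEYS:
        value = doc.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"field '{key}' is missing or empty")
    return problems


if __name__ == "__main__":
    for issue in check_service_key(SAMPLE) or ["no problems found"]:
        print(issue)
```

Run it on the saved text file's contents on the workstation where the key was generated, so the secret is not sent anywhere else for validation.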