Google Container Registry (GCR) Scan failing with "Forbidden" Error in Prisma Cloud

Google Container Registry (GCR) Scan failing with "Forbidden" Error in Prisma Cloud

1903
Created On 09/14/22 01:51 AM - Last Modified 05/11/23 07:33 AM


Symptom


Google Container Registry (GCR) Scan failing with "Forbidden" Error in Prisma Cloud.

Prisma Cloud Defender Logs

scanner.go:308 failed to retrieve repository, error Get "<URL>": Forbidden

Prisma Cloud Console
 

Screenshot 2022-09-14 at 6.51.47 AM.png

Environment


  • Prisma Cloud
  • Google Container Registry (GCR) 

Cause


  • Even though 'No Proxy' has been configured, all requests still routed through proxy.

Resolution


  • Bypass Proxy for GCR URL storageapis.google.com in Compute Console by going to: Manage > System > Proxy > No proxy (example shown below for Prisma Cloud Compute Edition)

Screenshot 2022-09-14 at 7.04.15 AM.png

NOTE:  If multiple URLs are configured to bypass Proxy, configure them as URL1, URL2, URL3 (space after comma) etc instead of URL1,URL2,URL3 (no space after comma).

Additional Information


Another possible reason for this error is:
  • Insufficient Admin Privileges.
Note : Ensure the Host Defender is able to access the GCR.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000sZ5YCAU&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail