Quay Enterprise supports scanning container images for known vulnerabilities with a scanning engine such as Clair. This document explains how to configure Clair with Quay Enterprise.
Sign in to a super user account and visit http://yourregister/superuser
to view the management panel:
In the "Security Scanner Endpoint" field, enter the HTTP endpoint of a Quay Enterprise-compatible security scanner such as Clair.
To connect Quay Enterprise securely to the scanner, click "Create Key >" to create an authentication key between Quay and the Security Scanner.
If the security scanning engine is running on multiple instances in a high-availability setup, select "Generate shared key":
Enter an optional expiration date, and click "Generate Key":
Save the key ID and download the preshared private key into the configuration directory for the security scanning engine.
If the security scanning engine is being run on a single instance, select "Have the service provide a key":
Once the following dialog is visible, run the security scanning engine:
When the security scanning engine connects, the key will be automatically approved.