Configuring Image Analyzer

Table of Contents

Image analyzer by Deepfactor is a service that runs alongside its Webhook. It’s responsible for fetching the image manifests of all the containers in a pod that Deepfactor will instrument. Later on, image manifests are utilized to determine container entrypoints.

By default, the image analyzer gets deployed, but the users can opt-out by adding the following settings to webhook-override.yaml.

imageanalyzer:
    enabled: false

 

Handling Private Container Registries #

Image analyzer requires access to the secrets used by the Pod in order to retrieve the image manifests of private container images.
There are two ways in which you can do the above

  1. By granting access to secrets of application namespaces (this requires the application namespaces to be created before deploying Webhook) 
    imageanalyzer:
    rbac:
    # If cluster role binding(crb) is disabled then role binding will be
    # created in the namespaces available here.
    namespaces:
      - app-namespace-1
      - app-namespace-2

     

  2. By providing the access to all the secrets in the cluster 
    imageanalyzer:
    rbac:
      # If cluster role binding(crb) is enabled then cluster role binding
      # will be created.
      crb: true
Was this article helpful?

Powered by BetterDocs

Deepfactor Icon

Deepfactor is a developer security platform that enables engineering teams to quickly discover and resolve security vulnerabilities, supply chain risks, and compliance violations early in development and testing.

Product Pricing Resources Company Documentation Login Demo

SUBSCRIBE TO OUR NEWSLETTER!

© 2023 Deepfactor, Inc. All Rights Reserved.

Privacy Policy | Terms of Service | Open Source Disclosure