This is the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

How-to guides

1: Manage Repository
2: Image and Tag Management
3: Managing Image Security Vulnerabilities
4: Managing Image Tag Deletion Policies
5: Using Container Registry with CLI

The user can enter the required information for the Container Registry service and select detailed options to create the service through the Samsung Cloud Platform Console.

Create Container Registry

You can create and use the Container Registry service in the Samsung Cloud Platform Console.

Reference

Container Registry can be created up to a maximum of 2 per Account. (1 per visibility type)

To create a Container Registry service, follow the steps below.

All Services > Container > Container Registry Click the menu. Navigate to the Service Home page of Container Registry.
Click the Create Registry button on the Service Home page. You will be taken to the Create Registry page.
On the Registry creation page, enter the information required to create the service, and select detailed options.

Enter service information area, input or select the required information.

Category	Required	Detailed description
Registry Name	Required	Registry name created by the user Must start with a lowercase English letter and be entered using lowercase English letters and numbers, 3 to 25 characters
Endpoint	Required	Set access type for registry endpoint Private: Only private endpoint access control items can be set Private&Public: Private endpoint access control items and public endpoint access control can be set
Private Endpoint Access Control	Select	Private Endpoint Access Control Settings Use is selected, you can configure it so that only specific resources within the same region’s Account, such as the registry, can be accessed Click Add for Private Access Allowed Resources to add resources that are allowed to access the registry using the private endpoint If Use is not selected, access is allowed from resources in all subnets within the same region
Public Endpoint Access Control	Select	Public Endpoint Access Control Settings If you select Enable, you can configure it so that only specific IPs in the same region as the registry can access Click Add for allowed public access IPs to add IPs and resources that are allowed to access the registry using the public endpoint If Enable is not selected, access is allowed from resources in all subnets within the same region
Visibility	Selection	Anonymous access setting for registry read (Pull) operations Selecting Public allows unauthenticated anonymous users to perform read operations (Anonymous Pull) on all registry content. This setting can be set to Public only at service creation time.

Table. Container Registry Service Information Input Items

Caution

If you do not select the use of private endpoint access control, the customer’s registry may be exposed to other resources within the Samsung Cloud Platform.
If you do not select the use of public endpoint access control, external IP access is possible in an internet environment, so the user’s bucket can be exposed externally via the internet. If external access is not required, uncheck the use checkbox to minimize security threats.

Additional Information Input Enter or select the required information in the area.
Category
Required or not
Detailed description
Tag Select Add Tag
Up to 50 can be added per resource
After clicking the Add Tag button, enter or select Key, Value values
Table. Container Registry Additional Information Input Items

Category	Required or not	Detailed description
Tag	Select	Add Tag Up to 50 can be added per resource After clicking the Add Tag button, enter or select Key, Value values

Summary Check the detailed information and estimated billing amount generated in the panel, and click the Create button.
- When creation is complete, check the created resource on the Registry list page.

Check Container Registry detailed information

Container Registry service can view and edit the full list of resources and detailed information. Container Registry Details page consists of Details, Tags, Activity Log tabs.

To view the detailed information of the Container Registry, follow the steps below.

All Services > Container > Container Registry Click the menu. Navigate to the Service Home page of Container Registry.
Click the Registry menu on the Service Home page. Navigate to the Registry List page.
Registry List On the page, click the resource (Registry) to view detailed information. You will be taken to the Registry Details page.

Registry Details page displays the status information and detailed information of the Registry, and consists of the Details, Tags, Activity History tabs.

Category	Detailed description
Registry Status	Status of the registry Creating: Creating Running: Creation complete/operating normally Editing: Changing settings Terminating: Deleting Error: Error occurred Unknown: Unknown
User Guide	CLI-based Registry Usage Guide
Service termination	Button to cancel the service

Category

Detailed description

Registry Status

Status of the registry

Creating: Creating

Running: Creation complete/operating normally

Editing: Changing settings

Terminating: Deleting

Error: Error occurred

Unknown: Unknown

User Guide

CLI-based Registry Usage Guide

Service termination

Button to cancel the service

Table. Container Registry status information and additional features

Detailed Information

Registry list page allows you to view detailed information of the selected resource and, if necessary, edit the information.

Category	Detailed description
service	service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform In the Container Registry service, it means registry SRN
Resource Name	Resource Name In the Container Registry service, it refers to the registry name
Resource ID	Unique resource ID in the service
Creator	User who created the service
Creation DateTime	Date and time the service was created
Editor	User who modified the service information
Modification Date and Time	Date and time when service information was modified
registry name	registry name
Bucket Name	The name of the Samsung Cloud Platform Object Storage bucket where the registry data is stored
Usage	Data usage of the Object Storage bucket for the registry
Endpoint	Access type for registry endpoint Click the Edit icon to change settings
Private Endpoint	Private endpoint URL available within the Samsung Cloud Platform network Used as an endpoint that provides compatibility with Docker and OCI Client Tool for executing Pull and Push client commands Copy button to copy the URL
Public Endpoint	Public endpoint URL available within the Samsung Cloud Platform network
Private Endpoint Access Control	Private Endpoint Access Control Settings Click the Edit icon to change whether access control is used, and add or delete accessible resources If you select access control Enabled, it is set so that only specific resources within the same region’s account, such as a registry, can be accessed If you do not select access control Enabled, access is allowed from resources in all subnets within the same region
Public Endpoint Access Control	Public Endpoint Access Control Settings Click the Edit icon to change whether access control is enabled, and add or remove accessible IPs and resources When Enable access control is selected, it is set so that only specific IPs within the Account in the same region, such as the registry, can access If Enable access control is not selected, external IP access is possible from the internet environment
Visibility	Anonymous access setting for registry read (Pull) operations If set to Public, unauthenticated anonymous users are allowed read operations (Anonymous Pull) for all content of the registry This setting can be set to Public only at service creation

Table. Container Registry Detailed Information Tab Items

Category	Detailed description
Tag List	Tag List Can check the tag’s Key and Value information Up to 50 tags can be added per resource When entering tags, search and select from the existing Key and Value list

Work History

You can view the operation history of the selected resource on the Registry list page.

Category	Detailed description
Work History List	Resource Change History Work date and time, resource type, resource name, work details, work result, operator name, path information can be checked To perform detailed search, click the Detailed Search button

Category

Detailed description

Work History List

Resource Change History

Work date and time, resource type, resource name, work details, work result, operator name, path information can be checked

To perform detailed search, click the Detailed Search button

Table. Work History Tab Items

Container Registry Cancel

You can cancel unused Container Registry to reduce operating costs. However, if you cancel the service, the running service may be stopped immediately, so consider the impact of service interruption thoroughly before proceeding with the cancellation.

Caution

If there are resources linked to the Registry, it cannot be deleted. After terminating the linked service displayed in the “cannot cancel service” popup, delete the Registry.
When you cancel the service, all data, including the bucket linked to the Registry, will be deleted. Be careful as the data cannot be recovered after deletion.

To cancel the Container Registry, follow the steps below.

All Services > Container > Container Registry Click the menu. Navigate to Container Registry’s Service Home page.
Click the Registry menu on the Service Home page. You will be taken to the Registry List page.
On the Registry list page, click the resource (Registry) for which you want to view detailed information. You will be taken to the Registry details page.
Click Cancel Service on the Registry Details page.
To confirm termination, click the checkbox and enter the Registry name to delete.
If you enter the Registry name correctly, the Confirm button will be activated. Click the Confirm button.
When termination is completed, check on the Registry list page whether the resource has been terminated.

1 - Manage Repository

A repository is a logical management unit for images within a registry. By using a repository, you can set the default security policy for images generated underneath.

Create Repository

To create a repository, follow the steps below.

All Services > Container > Container Registry Click the menu. Go to the Service Home page of Container Registry.
Service Home page, click the Repository menu. Navigate to the Repository list page.
Click the Repository List page’s Create Repository button. It navigates to the Create Repository page.

Repository list at the top of the page, click the Settings icon to select an existing registry, or click Create New to create a registry.

Enter the required information on the Create Repository page and select the detailed options.

Service Information Input Enter or select the required information in the area.

Category	Required or not	Detailed description
Registry Name	Required	Select the registry name to create the repository If no registry has been created, you can create a new one via the Create New button
Repository Name	Required	Name of the repository to create Enter 3 to 30 characters using lowercase English letters, numbers, and the special character (`-`) (the start and end must be lowercase English letters or numbers)

Table. Repository Service Information Input Items

Repository Basic Policy Input Enter or select the required information in the area.

Category	Required	Detailed description
Image Scan	Option	Automatic scanning of image vulnerabilities generated in the repository and setting scan exclusion policies Ability to set a default scan policy applied when an image is created in the repository If automatic scanning is set to Enabled, the image’s vulnerabilities are automatically checked when the image is pushed. In this case, the vulnerability scanning cost is charged If the scan exclusion policy is set to Enabled, you can specify the inspection targets and vulnerabilities to exclude during image scanning Option to exclude Language Package checks, Secret checks, and vulnerabilities without a Fix Version Excludable vulnerabilities: you can select one of the following levels Exclude vulnerabilities at or below the (None / Unknown / Negligible / Low / Medium / High / Critical) level
Image Pull Restriction	Option	Policy settings for using the image Pull restriction feature generated in the repository and its limit values You can set the default Pull restriction policy applied when an image is created in the repository If you set the unscanned image Pull restriction to Enabled, pulling images that have not been vulnerability scanned is not allowed If you set the vulnerable image Pull restriction policy to Enabled, pulling images is not allowed when Critical or High level vulnerabilities exceeding the entered value are found. The input and selectable values for this policy are as follows Critical: 1 (default) ~ 9,999,999 High: 1 (default) ~ 9,999,999 Exclude vulnerabilities without a Fix Version If Enabled is selected, vulnerabilities without a Fix Version (when there is no patch version for the vulnerable package/library) are excluded from the Pull restriction policy
Image lock status	Option	You can set a lock to prevent deleting or updating any images inside the repository If the repository’s image lock status is Lock, the individual image Lock/Unlock functions within the repository are disabled Changing the image lock status of a repository that is in Lock state to Unlock enables the individual image Lock/Unlock functions Pushing new images is allowed
Image Tag Deletion	Option	You can set an automatic image deletion policy for images stored in the repository If you select Enabled for policy activation, the image deletion policy is applied Untagged Image automatic deletion, Old Image automatic deletion items set to Enabled will apply the respective image deletion policies Enter an automatic deletion period in the policy; the image will be automatically deleted after the specified period has passed since its initial push For detailed information on image tag deletion, see Image Tag Deletion Policy Management

Table. Repository Basic Policy Input Items

Additional Information Input area, please enter or select the required information.

Category	Required or not	Detailed description
Explanation	Select	Repository description Enter repository description
Tag	Select	Add Tag Up to 50 can be added per resource After clicking the Add Tag button, enter or select Key, Value values

Category

Required or not

Detailed description

Explanation

Select

Repository description

Enter repository description

Tag

Select

Add Tag

Up to 50 can be added per resource

After clicking the Add Tag button, enter or select Key, Value values

Table. Repository Additional Information Input Items

Reference

Repository default policy input items are used for the default (initial) policy settings of Images created in the Repository. (Acts as a policy setting template applied when creating an Image)
This setting can be changed on the detail view screen after creating a Repository, and from the Image created after changing the Repository default policy input items, it will be set to the changed policy. The Image policy created before the change will not be changed.
The default policy set on the Image can be modified in the Image detail screen.

Summary Check the detailed information and estimated billing amount generated in the panel, and click the Create button.
- When creation is complete, check the created resources on the Repository List page.

Check repository detailed information

Repository service can view and edit the full resource list and detailed information. Repository Detail page consists of Detailed Information, Tags, Work History tabs.

To view repository details, follow the steps below.

All Services > Container > Container Registry Click the menu. Navigate to the Service Home page of Container Registry.
Click the Repository menu on the Service Home page. Navigate to the Repository list page.

Repository List page, click the resource (Repository) for which you want to view detailed information. You will be taken to the Repository Details page.

Repository Details page displays the repository’s status information and detailed information, and consists of Details, Tags, Activity History tabs.

Category	Detailed description
Repository Status	Display repository status Active: Available state Deleting: Deleting state Inactive: State not available due to failure during deletion (only deletion request possible) Editing: State where settings are being modified or sub-resources (images, tags) within the image are being deleted
User Guide	Repository Usage Guide Commands to use images within the repository via CLI can be checked
Delete Repository	Button to delete the repository

Category

Detailed description

Repository Status

Display repository status

Active: Available state

Deleting: Deleting state

Inactive: State not available due to failure during deletion (only deletion request possible)

Editing: State where settings are being modified or sub-resources (images, tags) within the image are being deleted

User Guide

Repository Usage Guide

Commands to use images within the repository via CLI can be checked

Delete Repository

Button to delete the repository

Table. Status Information and Additional Functions

Detailed Information

Repository list page allows you to view detailed information of the selected resource and, if necessary, edit the information.

Category	Detailed description
service	service name
Resource Type	Resource Type
SRN	Unique resource ID in Samsung Cloud Platform In Repository, it means repository SRN
Resource Name	Resource Name In Repository, it means repository name
Resource ID	Unique resource ID in the service
Creator	User who created the repository
Creation Time	Repository Creation Time
Editor	User who modified the repository
Modification Date/Time	Repository Modification Date/Time
Repository Name	Repository name created by the user
Registry Name	Name of the registry to which the repository is connected Click on the resource name to go to the detail page
Description	User-entered description for the generated repository Edit icon can be clicked to change settings
Image	Link to view list of stored images in repository
Image Scan	Automatic image vulnerability scanning generated in repository and scan exclusion policy settings Set the default scan policy applied when an image is created in the repository (acts as a policy setting template applied at image creation) Edit icon click to change automatic image vulnerability scan enablement, scan exclusion policy usage, and detailed policies If automatic scanning is set to Enabled, the image’s vulnerabilities are automatically checked when the image is pushed. This setting applies only to images pushed after automatic scanning is enabled, and vulnerability checking costs are billed during automatic scanning. If the scan exclusion policy is set to Enabled, you can specify inspection targets and vulnerabilities to exclude during image scanning as follows Excludable inspection targets Exclude Language Packages Exclude Secrets Exclude vulnerabilities without a Fix Version Excludable vulnerabilities: select one of the following levels Exclude vulnerabilities at or below (None / Unknown / Negligible / Low / Medium / High / Critical) level
Image Pull Restriction	Policy settings for whether to use the image Pull restriction feature and its limit values for images generated in the repository You can set the default Pull restriction policy applied when an image is created in the repository (acts as a policy setting template applied at image creation) Click the Edit icon to change whether the image Pull restriction feature is used and its limit values If you set the unscanned image Pull restriction to Enabled, pulling images that have not been vulnerability scanned is not allowed If you set the vulnerable image Pull restriction to Enabled, pulling images is not allowed when Critical or High level vulnerabilities exceeding the entered value are found. The input and selectable values for this policy are as follows Critical: 1(default) ~ 9,999,999 High: 1(default) ~ 9,999,999 Exclude vulnerabilities without a Fix Version If Enabled is selected, vulnerabilities without a Fix Version (i.e., when there is no patch version for the vulnerable package/library) are excluded from the Pull restriction policy
Image lock status	Lock can be set to prevent deleting or updating any images inside the repository Click the Edit icon to change the image lock status If the repository’s image lock status is Lock, the Lock/Unlock function for individual images within the repository is disabled If the image lock status of a repository that is in Lock state is set to Unlock, the Lock/Unlock function for individual images becomes enabled Pushing new images is allowed
Image Tag Deletion	Set automatic deletion policy for images stored in the repository Edit icon can be clicked to change the image tag deletion policy If the deletion policy is set to Enabled, the image tag deletion policy can be applied Select Enabled for the Untagged Image automatic deletion, Old Image automatic deletion items of the deletion policy to apply those image deletion policies Enter the automatic deletion period in the deletion policy; the image will be automatically deleted after the set period has passed since it was first pushed For detailed explanation of image tag deletion, see Image Tag Deletion Policy Management

Table. Repository Detailed Information Tab Items

Category	Detailed description
Tag List	Tag List You can view the Key and Value information of tags Up to 50 tags can be added per resource When entering tags, search and select from the previously created Key and Value list

Work History

You can view the operation history of the selected resource on the Repository list page.

Category	Detailed description
Work History List	Resource Change History Work date and time, resource type, resource name, work details, work result, operator name, path information can be checked

Table. Work History Tab Items

Delete Repository

Caution

If an Image exists in the Repository, you cannot delete the Repository. To delete the Repository, first delete all Images in that Repository, then delete the Repository.

To delete a repository, follow the steps below.

All Services > Container > Container Registry Click the menu. Navigate to the Service Home page of Container Registry.
On the Service Home page, click the Repository menu. Go to the Repository list page.
Click the resource (Repository) for which you want to view detailed information on the Repository List page. You will be taken to the Repository Details page.
On the Repository Details page, click Delete Repository.
Delete Repository In the popup window, please enter the Repository name.
If you enter the Repository name correctly, the Confirm button will be enabled. Click the Confirm button.
If termination is completed, check on the Repository list page whether the resource has been terminated.

2 - Image and Tag Management

Images are the logical management unit of tags. Users can efficiently manage image versions using tags.

Generate Image

To generate an image, the repository must be created first. For detailed information about creating a repository, refer to Repository Management.

Images are created by pushing images or OCI standard artifacts using the CLI with the registry endpoint.
To push an image via CLI, refer to the official documentation provided by the client tool you are using or Using CLI.

Check image detailed information

Image can view and edit the full resource list and detailed information. The Image detail page consists of Details, Tags, Delete Policy Test tabs.

To view the image details, follow the steps below.

All Services > Container > Container Registry menu, click. Go to the Service Home page of Container Registry.
Click the Image menu on the Service Home page. Navigate to the Image list page.
Image list at the top of the page, click the Settings icon to select the Registry name and Repository name where the Image for viewing detailed information is stored.
- If there is no desired item, click Create New to register the Registry and Repository, then you can select it.

Click the resource (Image) to view detailed information on the Image List page. You will be taken to the Image Details page.

Image Details page displays the Image’s status information and detailed information, and consists of Detailed Information, Tags, Delete Policy Test tabs.

Category	Detailed description
Image Status	Represents the status of the image Active: Available state Deleting: Deleting state Inactive: State where deletion failed and not usable (only deletion request possible) Editing: State of modifying settings or deleting image sub-resources (tags)
User Guide	CLI-based Image Usage Guide
Image Delete	Button that deletes the image

Category

Detailed description

Image Status

Represents the status of the image

Active: Available state

Deleting: Deleting state

Inactive: State where deletion failed and not usable (only deletion request possible)

Editing: State of modifying settings or deleting image sub-resources (tags)

User Guide

CLI-based Image Usage Guide

Image Delete

Button that deletes the image

Table. Image status information and additional functions

Detailed Information

On the Image list page, you can view the detailed information of the selected resource and, if necessary, edit the information.

Category	Detailed description
Creator	User who generated the image
Creation time	Image creation time
Editor	User who edited the image
Edit date and time	Date and time the image was edited
Image name	User-generated image name
Registry name	Registry name and view link of the repository where the image is stored
Pulls	Number of times the image was pulled
Repository Name	Name of the repository where the image is stored and view link
Description	User-entered description for the image Click the Edit icon to edit the description
Image Scan	Image vulnerability automatic scan and scan exclusion policy settings Set image scan policies to automatically check vulnerabilities of pushed images or specify inspection targets and vulnerabilities to exclude during image scanning Click the Edit icon to change whether image vulnerability automatic scanning is enabled, whether the scan exclusion policy is used, and detailed policies If image automatic scanning is set to Enabled, the image’s vulnerabilities are automatically checked when the image is pushed. This setting applies to images pushed after automatic scanning is enabled, and vulnerability checking costs are charged during automatic scans If the scan exclusion policy is set to Enabled, you can specify inspection targets and vulnerabilities to exclude during image scanning as follows Excludable inspection targets Exclude Language Package Exclude Secret Exclude vulnerabilities without Fix Version Excludable vulnerabilities: you can select one of the following levels Exclude vulnerabilities at levels (None / Unknown / Negligible / Low / Medium / High / Critical) and below
Image Pull Restriction	Set usage of Image Pull Restriction feature and restriction values Using the Image Pull Restriction feature limits the pulling of unscanned or vulnerable images to minimize security threats Edit icon to click to change the usage of the Image Pull Restriction feature and its restriction values If the unscanned image Pull restriction is set to Enabled, pulling images that have not been vulnerability-checked is not allowed If the vulnerable image Pull restriction is set to Enabled, pulling images is not allowed when Critical or High level vulnerabilities exceeding the entered value are found. The input and selectable values for this policy are as follows Critical: 1 (default) ~ 9,999,999 High: 1 (default) ~ 9,999,999 Exclude vulnerabilities without a Fix Version When selected as Enabled, vulnerabilities without a Fix Version (i.e., vulnerable packages/libraries lacking a patch version) are excluded from the Pull restriction policy
Image lock status	You can set a lock so that the selected image cannot be deleted or updated Edit icon can be clicked to change the image lock status If the image lock status is Lock, the image and all internal Tags are changed to a locked state and cannot be deleted or updated If you change the image lock status from Lock to Unlock, the image and all internal Tags can be deleted or updated
Image Tag Deletion	Set automatic deletion policy for images stored in the repository Edit icon can be clicked to change the image tag deletion policy If the deletion policy is set to Enabled, the image tag deletion policy can be applied Select Enabled for the Untagged Image automatic deletion and Old Image automatic deletion items of the deletion policy to apply those image deletion policies Enter the automatic deletion period in the deletion policy; the image will be automatically deleted after the set period has passed since it was first pushed For detailed explanation of image tag deletion, see Image Tag Deletion Policy Management

Table. Image detailed information items

Delete Image

Caution

If you delete the image, all tags within the image will be deleted as well.

To delete the Image, follow the steps below.

All Services > Container > Container Registry Click the menu. Navigate to the Service Home page of Container Registry.
Click the Image menu on the Service Home page. It moves to the Image List page.
Image list Click the Settings icon at the top of the page and select the Registry name and Repository name where the Image to be deleted is stored.
Click the resource (Image) to delete on the Image List page. You will be taken to the Image Details page.
Click the Delete Image button on the Image Details page.
Image Delete when the popup appears, click the Confirm button.
After deletion is complete, check on the Image List page whether the resource has been deleted.

Check detailed image tag information

To view detailed image tag information, follow these steps.

All Services > Container > Container Registry Click the menu. Go to Container Registry’s Service Home page.
Click the Image menu on the Service Home page. Navigate to the Image list page.
Image List Click the Settings icon at the top of the page and select the Registry name and Repository name where the Image to view detailed information is stored.

Image List page, click the resource (Image) to view detailed information. Navigate to the Image Details page.

Image Details Click the Tags tab on the right side of the detailed information tab at the top of the page. Go to the Tags List page.

Column	Detailed description
Tags	Tag name of image Digest A single image Digest can have multiple tag names
Digest	Image Digest value
Size	Image Digest size
Edit Timestamp	Image Digest(Tags) Edit Timestamp
Inspection Date and Time	Image Digest (Tags) Vulnerability Inspection Date and Time
Vulnerability Check Result	Image Digest (Tags) Vulnerability Check Result Summary of vulnerability count information and a view result button are displayed View Result button can be clicked to view detailed vulnerability analysis results for the image tags
Status	Status for image Digest (Tags) Active: Normal usable state Deleting: Deleting state Inactive: Deletion failed and not usable (only delete request possible)
Copy URL	Copy endpoint URL for using image Digest You can copy the private/public endpoint URL to use in commands for using image Digest
More button	Menu to select delete, edit, vulnerability check, and detailed usage guide for image Digest (Tags) Delete: Delete the specified image Digest (Tags) Edit Tags: Tag name of the image Digest can be edited in the Tags edit window Vulnerability Check: Vulnerability check available for image Digest (Tags) Detailed Usage Guide: Can view a guide for using image Digest (Tags) based on CLI Tags Lock: Can set a lock so that selected image Tags cannot be deleted or updated Tags Unlock: Can remove the lock to allow selected image Tags to be deleted or updated

Table. Tags list items

Reference

Image digests that are in an Untagged state without a tag name are displayed as None in the Tags field.

Detailed Information

Click the Tags of the image Digest whose details you want to view in the list of Tags in Image details. The detailed information window for the image Digest (Tags) will appear.

Column	Detailed description
Tag Information	Displays tag name, digest, creation date and time, modification date and time Click the Copy button at the far right of the digest value to copy the digest value
Manifest Information	Displays manifest type and detailed content Copy Manifest click to copy the manifest value Download click to download the manifest as a JSON file

Column

Detailed description

Tag Information

Displays tag name, digest, creation date and time, modification date and time

Click the Copy button at the far right of the digest value to copy the digest value

Manifest Information

Displays manifest type and detailed content

Copy Manifest click to copy the manifest value

Download click to download the manifest as a JSON file

Table. Tags detailed information window items

If you check the information in the tag detail window and click Confirm, the window will close.

Delete image tags

Caution

If there are other tags referencing the selected tag, you cannot delete the tag. Delete the referencing tags first, then delete the tag.

To delete an image tag, follow these steps.

All Services > Container > Container Registry Click the menu. Navigate to the Service Home page of Container Registry.
Click the Image menu on the Service Home page. Go to the Image list page.
Click the Settings icon at the top of the Image List page and select the Registry name and Repository name where the Image to view detailed information is stored.
Click the resource (Image) to view detailed information on the Image List page. You will be taken to the Image Details page.

Click the Tags tab on the right side of the detailed information tab at the top of the Image Details page. You will be taken to the Tags List page.

In the Tags list, select the checkbox located to the left of the tag you want to delete, then click Delete.
- If you select checkboxes for multiple items, you can delete multiple tags at once, and you can select and delete up to 50 tags at a time.
- You can delete tags one by one by clicking the Delete button inside the more options button located at the right end of the tag to be deleted.
Delete Tags When the popup window opens, click Confirm.
Once deletion is complete, check on the Tags list page whether the resource has been deleted.

Testing image tag deletion policy

To test the image tag deletion policy you set, follow the steps below.

All Services > Container > Container Registry menu, click. Navigate to the Service Home page of Container Registry.
Click the Image menu on the Service Home page. Navigate to the Image list page.
Image List Click the Settings icon at the top of the page and select the Registry name and Repository name where the Image to view detailed information is stored.
Click the resource (Image) to view detailed information on the Image List page. You will be taken to the Image Detail page.
- Image Details Click the Delete Policy Test tab on the right of the Detailed Information tab at the top of the page. You will be taken to the Delete Policy Test tab page.
Delete Policy Test on the tab page, click the Policy Test button of the Delete Target Tags item. The delete policy test will be executed.
When the delete policy test execution notification popup opens, click the Confirm button.
- When the test execution request is completed, the phrase Deletion policy test execution request has been completed is displayed.
Check the test results when the deletion policy test is completed.
- Deleted Target Tags item shows the image tags (digests) that are subject to the deletion policy.

3 - Managing Image Security Vulnerabilities

By using the image security vulnerability inspection feature, you can manually or automatically check the OS package security vulnerabilities of images stored in the Container Registry and the Secrets included in the image. Users can identify and remove known vulnerabilities (CVE) and Secrets based on the inspection results to prevent the use of unsafe images.

Vulnerability Inspection Support Information

Supported OS

Vulnerability inspection function supports checking libraries installed via package manager on the following OS.

Supported OS
Ubuntu
Cent OS
Oracle
Debian
Alpine
AWS Linux
RHEL
Suse
VMWare Photon

Table. Supported OS Types

Support Language

The vulnerability inspection feature supports checks for the following Language.

Support Language
Python
PHP
Node.js
.NET
Go
Dart

Table. Supported Language Types I (Libraries installed with the Language package manager)

Support Language
Java

Table. Supported Language Types II (libraries identified based on pom.properties and MANIFEST.MF files included in jar, war, par, ear type files)

Support Secret

Vulnerability assessment feature supports the following types of Secrets included in the image.

Support Secret
AWS access key
GitHub personal access token
GitLab personal access token
Asymmetric Private Key

Table. Supported Secret Types

Check Image Security Vulnerabilities (Manual)

To check image security vulnerabilities, follow the steps below.

All Services > Container > Container Registry Click the menu. Navigate to the Service Home page of Container Registry.
Click the Image menu on the Service Home page. Navigate to the Image list page.
Image list Click the Settings icon at the top of the page and select the Registry name and Repository name where the Image stored for checking detailed information is located.
Image List page, click the resource (Image) to check security vulnerabilities. Image Details page will be opened.

Image Detail Click the Tags tab to the right of the detailed information tab at the top of the page. You will be taken to the Tags tab page.

Tags On the Tags tab page, click the More button located at the far right of the tag you want to check for security vulnerabilities, then click Vulnerability Check.
When the vulnerability check notification popup opens, click the Confirm button.
- When the inspection starts, Vulnerability inspection will be conducted. is displayed.
- When the inspection is finished, the Vulnerability Inspection Results item will display a summary of the inspection results and a View Results button. Clicking the View Results button will open a popup where you can see the detailed analysis results of Vulnerabilities by Image Digest (Tags).
  Reference
  - View Results button, when clicked, shows the detailed analysis results of vulnerabilities for the image tag.
    If a red exclamation mark icon (!) appears in the inspection date/time field after a vulnerability check, it means the vulnerability check list for the Container Registry service has been updated. Click Vulnerability Check as a new vulnerability item check is required for the image Digest (Tags), so we recommend rechecking.

Check image security vulnerability assessment results

To check the vulnerability assessment results, follow the steps below.

All Services > Container > Container Registry Click the menu. Navigate to the Service Home page of Container Registry.
Click the Image menu on the Service Home page. Navigate to the Image list page.
Image List Click the Settings icon at the top of the page and select the Registry name and Repository name where the Image to view detailed information is stored.
On the Image List page, click the resource (Image) to check for security vulnerabilities. You will be taken to the Image Details page.

Image Detail Click the Tags tab on the right side of the detailed information tab at the top of the page. It will navigate to the Tags tab page.

Tags on the tab page, click the View Results button of the Vulnerability Assessment Results item of the tag to check the vulnerability assessment results.
Vulnerabilities by Image Tags Check the results in the popup window where you can view the detailed analysis results.

Check inspection results by vulnerability unit

Image Tag-specific Vulnerabilities detail page’s Vulnerabilities tab allows you to view image security vulnerability assessment results by vulnerability.

Item	Detailed description
Vulnerability Check	Vulnerability Check button Clicking the button starts the vulnerability check However, if the tag status is Inactive, Vulnerability Check button is not activated
Inspection Date/Time	Vulnerability Inspection Date/Time
Distribution	OS name and version of the image Digest (Tags) under inspection Refer to the supported OS list
Total number of vulnerabilities	Vulnerability assessment summary The total number of detected vulnerabilities and the count by severity are displayed as a graph Vulnerabilities are classified into six levels by severity (Critical, High, Medium, Low, Negligible, Unknown)

Table. Summary of Vulnerability Inspection Results

Vulnerability tab allows you to view the list of all discovered vulnerabilities.

Item	Detailed description
CVE	External link to verify the detected vulnerability ID (CVE ID) and detailed information about the vulnerability CVE (Common Vulnerabilities and Exposures)
Severity	Severity of detected vulnerability
CVSS	CVSS (Common Vulnerability Scoring System) based vulnerability score
Category	Inspection target type of detected vulnerabilities OS package or Language package is displayed
OS/Language	OS or Language package type of detected vulnerability Refer to the list of supported OSes and supported Languages
Package	Name of package with discovered vulnerability
Current version	Current version of the package where vulnerability was found (vulnerable version)
Fixed version	Version where the vulnerability of the discovered package has been addressed
Modification status	Existence of a version with the vulnerability fixed for the package where the vulnerability was discovered (existence of a vulnerability patch version)
Expand button	View vulnerability detailed information Expand button click displays detailed information about the vulnerability at the bottom You can view the Description and Vectors results for the vulnerability. Detailed explanations for each Vector value are provided as tooltips The detailed information opened with the Expand button can be closed by clicking the Collapse button

Table. Vulnerability List Item

Check inspection results by package unit

Image Tag Vulnerabilities detailed page, when you click the Package tab, you are taken to the package-specific vulnerability page. In the Package tab, you can view the image security vulnerability check results by package.

Item	Detailed Description
Vulnerability Check	Vulnerability Check button Clicking the button starts the vulnerability check However, if the tag status is Inactive, Vulnerability Check button is not activated
Inspection Date/Time	Vulnerability Inspection Date/Time
Distribution	OS name and version of the image Digest (Tags) to be inspected Refer to the supported OS list
Total package count	Summary of total package information The total number of discovered packages and the number of packages based on vulnerability presence are displayed as a graph.

Table. Summary items of package vulnerability inspection results

Package tab allows you to view the full package list, as well as the list of packages with discovered vulnerabilities and the list of packages without discovered vulnerabilities.

Item	Detailed description
Category	Type of discovered package Display OS package or Language package
OS/Language	Detailed OS or Language type of the discovered package Refer to the list of supported OS and supported Language
Package	Detected package name
Version	Current version of the package
Vulnerability Inspection Result	Summary Information of Number of Vulnerabilities Contained in Package
Type	OS or Language type and details of the discovered package

Table. Package List Items

Check results by secret unit

Image Tag Vulnerabilities on the detail page, click the Secret tab to go to the secret-specific vulnerability page. You can view the image security vulnerability scan results by secret.

Item	Detailed description
Vulnerability Check	Vulnerability Check button Click the button to start vulnerability check However, if the tag status is Inactive, the Vulnerability Check button will not be activated
Inspection date/time	Vulnerability inspection date/time
Distribution	OS name and version of the target image Digest (Tags) Refer to the supported OS list
Total number of vulnerabilities	Vulnerability result summary The total number of detected vulnerabilities and the number of vulnerabilities by severity are displayed as a graph Vulnerabilities are classified into six levels by severity (Critical, High, Medium, Low, Negligible, Unknown)

Table. Summary of secret vulnerability inspection results

In the Secret tab, you can view the full list of secret files, as well as the lists of files with discovered vulnerabilities and files without discovered vulnerabilities.

Item	Detailed description
File	File name of detected secret
Category	Detected secret type Refer to the supported secret list
Severity	Detected secret severity
Match	Secret match information in detected file

Table. Secret list items

4 - Managing Image Tag Deletion Policies

The user can register and manage the image tag deletion policy.

Managing image tag deletion policies

The image tag deletion policy refers to the policy that automatically deletes an image when a certain period of time has passed since it was first pushed to the repository. If the image tag deletion policy is enabled, the image tags (digest) stored in the Container Registry will be automatically deleted according to the set deletion policy.

Notice

After enabling the deletion policy and setting it to use, the image tag (digest) to which the deletion policy is first applied will be deleted within a maximum of 3 days (72 hours). Subsequent image tags (digests) to which the deletion policy is applied will be deleted within a maximum of 1 day (24 hours).
Image tags (digests) to which the deletion policy is applied are permanently deleted and cannot be recovered.

Support deletion policy information

Describes policy information that supports deleting image tags.

Support Policy

It supports a policy that allows you to set automatic deletion and period for image tags (digest).

Support Policy
Untagged Image
Old Image

Table. Image tag deletion support policy type

Set the image tag (digest) deletion policy

To set the image tag (digest) deletion policy, follow these steps.

Click All services > Container > Container Registry menu. It moves to the Service Home page of Container Registry.
Service Home page, click the Image menu. It moves to the Image list page.
Click the gear button at the top of the Image 목록 page. The Registry/Repository 설정 popup window opens.
Registry/Repository settings In the popup window, select the Registry name and Repository name where the Image to be set for the deletion policy is stored, and click the OK button.
Image list page, click the resource (Image) to set the deletion policy. Move to the Image details page.
Image Detail page’s Detail Info tab, click the Edit icon of the Delete Image Tag item. The Edit Delete Image Tag popup window will open.
Image Tag Deletion Modification In the popup window, enter and select the necessary information and activation status, and click the Confirm button.
- Delete policy activation is set to Use, the image tag (digest) will be automatically deleted according to the set delete policy.
- Select the deletion policy to apply and enter the period from when the image was first pushed to the repository to when it will be automatically deleted.
When the update notification popup window opens, click the Confirm button.
- When the modification is complete, Image tag deletion modification was successful message will be displayed.

Reference

You can also set a deletion policy in the Repository that plays the role of a template for the Image. When setting a deletion policy in the Repository, the set deletion policy is applied equally to all Images stored inside.

Image tag (digest) deletion policy test

To test the image tag (digest) deletion policy, follow these steps.

Click All services > Container > Container Registry menu. It moves to the Service Home page of Container Registry.
On the Service Home page, click the Image menu. It moves to the Image list page.
Click the gear button at the top of the Image 목록 page. The Registry/Repository 설정 popup window will open.
Registry/Repository Settings In the popup window, select the Registry name and Repository name where the Image to be set for the deletion policy is stored, and click the Confirm button.
On the Image List page, click the resource (Image) to test the deletion policy. It moves to the Image Detail page.
Image Detail page, click the Deletion Policy Test tab. Move to the Deletion Policy Test tab page.
Deletion Policy Test tab page, to test the deletion policy set, click the Policy Test button at the bottom of the deletion target Tags.
When the deletion policy test notification popup window opens, click the Confirm button.
- When the test run application is completed, the phrase The deletion policy test run application has been completed will be displayed.
- After the test is completed, the image tags (digest) that are the target of the deletion policy will be displayed in the Deletion Target Tags section.

5 - Using Container Registry with CLI

This explains how to log in to the Container Registry using the CLI command and manage Container images and Helm charts.

Managing Container Images with CLI

You can log in to the Container Registry and push or pull container images using the CLI command.

Logging in to Container Registry

The user can log in to the Container Registry using the authentication key.

Reference

To log in to Container Registry, you need LoginContainerRegistry permission for the registry you want to use.
For more information on policy and permission settings, see Management > IAM > Policy.

Logging in with an authentication key

Logs in using the AccessKey and SecretKey of the authentication key and the registry endpoint.

Registry endpoint : Container Registry details page can be found.
Private endpoint : [registryname-registryid].scr.private.[region].[offering].samsungsdscloud.com

1 docker login <registry_endpoint>
2 Username: <accessKey>
3 Password: <secretKey>

Reference

To log in with an authentication key, you must create an authentication key on the IAM > Authentication Key Management page and set the authentication method to Authentication Key Authentication in the Security Settings.

Security settings should be checked before modifying the Authentication key security settings modification popup at the top with a notice about the authentication key authentication method. For more information on how to create an authentication key and set up authentication key authentication, see Management > IAM > Managing Authentication Keys.

Pushing Images

To push an image to the registry, please refer to the following command.

1 docker push [registryname]-[registryid].scr.private.[region].[offering].samsungsdscloud.com/[repository]/[image:tag]

Reference

To push an image to the registry, you need LoginContainerRegistry permission for the registry to be used and PushRepositoryImages permission for the repository. For more information about policy and permission settings, see Management > IAM > Policy.

Image Pulling

To pull an image from the registry, please refer to the following command.

1 docker pull [registryname]-[registryid].scr.private.[region].[offering].samsungsdscloud.com/[repository]/[image:tag]

Reference

To pull an image from the registry, you need LoginContainerRegistry permission for the registry to be used and PullRepositoryImages permission for the repository. For more information about policy and permission settings, see Management > IAM > Policy.

Managing Helm Charts with CLI

You can log in to the Container Registry using the CLI command and push or pull the Helm chart.

Reference

Container Registry supports Helm v3.8.1 and above.

Logging in to Container Registry

The user can log in to the Container Registry using the authentication key.

Reference

To log in to Container Registry, you need LoginContainerRegistry permission for the registry you want to use.
For more information about policy and permission settings, see Management > IAM > Policy.

Logging in with an authentication key

Logs in using the AccessKey, SecretKey of the authentication key and the registry endpoint.

Registry endpoint : Container Registry details page can be found.
Private endpoint : [registryname-registryid].scr.private.[region].[offering].samsungsdscloud.com

1 helm registry login <registry_endpoint>
2 Username: <accessKey>
3 Password: <secretKey>

Reference

Security settings should be checked before modifying the Modify authentication key security settings popup at the top, and the guidance phrase for the authentication key authentication method must be confirmed. For more information on how to create an authentication key and set up authentication key authentication, see Management > IAM > Managing Authentication Keys.

Chart Push

To push a chart to the registry, please refer to the following command.

1 helm push [hello-world-0.1.0].tgz oci://[registryname]-[registryid].scr.private.[region].[offering].samsungsdscloud.com/[mychart]

As shown in the example, writing and executing the command will save (upload) the chart to the mychart repository with the hello-world image and apply the 0.1.0 tag.

To push charts to a registry, you need the LoginContainerRegistry permission for the registry you want to use and the PushRepositoryImages permission for the repository. For more information about policy and permission settings, see Management > IAM > Policy.

Chart Pulling

To pull charts from the registry, please refer to the following command.

1 helm pull oci://[registryname]-[registryid].scr.private.[region].[offering].samsungsdscloud.com/[mychart/hello-world] -version [0.1.0]

As shown in the example, writing and executing the command downloads the chart saved with the tag 0.1.0 in the hello-world image in the mychart repository.

To pull charts from a registry, you need the LoginContainerRegistry permission for the registry you want to use and the PullRepositoryImages permission for the repository. For more information about policy and permission settings, see Management > IAM > Policy.