
Red Hat Quay Integration

Notice

COMING SOON

This integration is not yet available on production environments.

Checkmarx One provides an integration with Red Hat Quay repositories, enabling you to automatically pull images from your private Quay repos and scan them using the Checkmarx One Container Security scanner. We provide a convenient wizard on the Checkmarx One Integrations page that enables you to submit your Quay credentials and create the integration.

Prerequisites

  • A Quay user with the ability to create a "Robot Account".

Limitations

  • The integration is not effective for scans run via the Checkmarx One CLI tool or associated plugins.

Step 1 - Creating a Robot Account in Quay

To create a Robot account in Quay:

  1. In the Quay console, go to Account Settings > Robot Accounts.

  2. Click on the + Create Robot Account button.

  3. In the dialog that opens, specify a meaningful name for the account (e.g., Checkmarx Integration), and optionally add a description. Then, click Create robot account.

    A window opens showing a list of repos in your account.

  4. Select the checkbox next to each repo that you would like to integrate with Checkmarx.

  5. In the Permissions column, set Read access for each of the repos that you selected.

  6. Click on the Add permissions button.

    The new robot account is created and shown on the Robot Accounts page.

  7. Click on the name of the robot account.

    A dialog opens showing the name of the account and the authentication token (API Key).

  8. Save the robot account name and token for use in the Checkmarx integration wizard, as described below.

Step 2 - Setting up the Integration

The Quay integration with Checkmarx is set up at the organization level, so Checkmarx is able to access all repos in the organization that were included in the "Robot Account" that you created in the previous step.

To set up the Quay Integration:

  1. Go to the Integrations page.

  2. Click on the Quay tile under Private Registries for Containers, then click Start.

    The Quay Integration wizard opens on the right side of the screen.

  3. Name Your Account and optionally fill in the Description and Associate Tags fields, then click Next.

  4. In the Username field, enter the username of your Quay robot account.

  5. In the API Key field, enter the API key (access token) for your Quay robot account.

  6. In the URL field, enter the URL for your Quay organization, using the format https://quay.io/<org_name>.

    Alternatively, if you have configured a CxLink to access this repo, enter the CxLink (using the following format: https://<subdomain>.<domain>/link/<UUID>). Learn more about CxLink here.

  7. Click Add Account.
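
A pre-flight check for the three values entered in steps 4 to 6 of the wizard, as an added example that is not part of the Checkmarx or Quay documentation. It assumes that Quay robot usernames have the form <namespace>+<robot_shortname> (not stated on this page) and accepts any host name in the URL; the function name and the sample values are hypothetical.

```python
import re
import uuid
from urllib.parse import urlparse

# Assumption (not from this page): robot usernames look like "<namespace>+<robot>".
ROBOT_RE = re.compile(r"^(?P<namespace>[^+\s]+)\+(?P<robot>[^+\s]+)$")


def check_quay_integration_inputs(username, api_key, url):
    """Return a list of problems with the three wizard fields (empty list = OK)."""
    problems = []
    m = ROBOT_RE.match(username)
    if not m:
        # A name without "+" is a personal account, not a read-only robot.
        problems.append("username is not a robot account (<namespace>+<robot>)")
    if not api_key or api_key != api_key.strip():
        problems.append("API key is empty or has surrounding whitespace")

    parsed = urlparse(url)
    if parsed.scheme != "https":
        problems.append("URL must use https")
    segments = [s for s in parsed.path.split("/") if s]
    if len(segments) == 2 and segments[0] == "link":
        # CxLink form: https://<subdomain>.<domain>/link/<UUID>
        try:
            uuid.UUID(segments[1])
        except ValueError:
            problems.append("CxLink URL does not end in a valid UUID")
    elif len(segments) == 1:
        # Organization form: https://quay.io/<org_name>
        if m and m.group("namespace") != segments[0]:
            problems.append("robot namespace does not match the organization in the URL")
    else:
        problems.append("URL is neither https://quay.io/<org_name> nor a CxLink")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(check_quay_integration_inputs(
        "acme+checkmarx_integration", "CONSTRUCTED-TOKEN", "https://quay.io/acme"))
    print(check_quay_integration_inputs(
        "alice", " token ", "http://quay.io/other/extra"))
```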

Monitoring Integration Status

You can monitor the status of your Quay integrations to see whether or not the integration is connected. Possible statuses are:

  • Pending - The integration was just set up and hasn't connected yet.

  • Connected - The integration is running and you are able to scan images in your JFrog Artifactory.

  • Disconnected - Checkmarx One is not currently able to access your private JFrog Artifactory.

To monitor the integration status:

  1. Go to Integrations > Inventory tab, and select Runtime & Cloud.

  2. Check the Status column for each of your integrations.
