Docker Hub

Docker Hub is my choice for a container repository. Unfortunately, private repositories are a paid option, but I think it's relatively cheap, so it's worth getting. Once you have a private repository, you can start configuring an API key, which will be used with GitHub to generate builds.

Generating An API Key

Start by going to account settings and selecting "Personal access tokens".

Settings

Select "Generate new token"

Generate

Configure Access Token with Full Access

Token Configuration

Save Access Token

Token

Creating Repositories

Repositories are public by default, but if your plan includes private repositories, you can create one by selecting "Private" when you create the repository. A private repository will require authentication later when downloading containers for use in Kubernetes.

Securing Builds

Docker Hub includes a security scanning feature for your repositories called Docker Scout. You must enable it for each repository you want scanned.

Enable Scout

Once you have Docker Scout enabled, you should go to Docker Scout to configure your policies.

Docker Scout

Keep in mind that Docker Scout only gives you two free live monitoring options without paying for it. If this is not feasible for you, use the static scanning option.

Static Scanning

No Unapproved Base Images

Go to Policies > No unapproved base images.

No Unapproved Base Image

Select Edit

Edit

Change the pattern from `*` to `docker.io/*`.

Base Image Policy
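
The effect of the `docker.io/*` pattern can be checked locally before pushing. This is an added example, not part of the original page and not Docker Scout's own logic: it pulls the `FROM` images out of a Dockerfile, expands short names the way the Docker CLI does (`alpine` becomes `docker.io/library/alpine`), and reports any that fall outside the pattern. The function names and the sample Dockerfile are constructed for illustration.

```python
import fnmatch
import re

ALLOWED = ["docker.io/*"]  # the pattern configured in the policy above

# Constructed sample Dockerfile: one base image comes from another registry.
SAMPLE = """\
FROM --platform=linux/amd64 golang:1.22 AS build
FROM ghcr.io/example/base:1.0 AS tools
FROM build AS test
FROM alpine:3.20
"""

def normalize(ref):
    """Expand a short image reference to registry/path form."""
    first, sep, rest = ref.partition("/")
    # The first component is a registry only if it looks like a host name.
    if sep and ("." in first or ":" in first or first == "localhost"):
        host, path = first, rest
    else:
        host, path = "docker.io", ref
    if host == "index.docker.io":  # legacy name for Docker Hub
        host = "docker.io"
    if host == "docker.io" and "/" not in path:
        path = "library/" + path  # official images live under library/
    return f"{host}/{path}"

def base_images(dockerfile_text):
    """Return external images named in FROM lines, skipping stages and scratch."""
    stages, images = set(), []
    pattern = re.compile(r"\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.I)
    for line in dockerfile_text.splitlines():
        m = pattern.match(line)
        if not m:
            continue
        image, alias = m.groups()
        if image.lower() != "scratch" and image.lower() not in stages:
            images.append(image)
        if alias:
            stages.add(alias.lower())
    return images

def violations(dockerfile_text, allowed=ALLOWED):
    """List (image, reason) pairs for base images outside the allowed patterns."""
    bad = []
    for image in base_images(dockerfile_text):
        if "$" in image:  # ARG-driven base image cannot be verified statically
            bad.append((image, "unresolved build argument"))
        elif not any(fnmatch.fnmatchcase(normalize(image), p) for p in allowed):
            bad.append((image, normalize(image)))
    return bad
```

Running `violations(SAMPLE)` flags only the `ghcr.io` image; a non-empty result can be used to fail a build step before the image reaches Docker Hub.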

Scout Scores

You should try to achieve good scores on Scout to ensure security.

Scout Scores