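# ACR Trust
# Walkthrough: push an unsigned image to Azure Container Registry (ACR), then
# enable Docker Content Trust (DCT) so that only signed tags are pulled and run.
# NOTE(review): Microsoft has announced that DCT in ACR is being retired in
# favour of Notary Project signatures; confirm the current status before
# using this flow for anything beyond a lab.

# Create a container registry
# Content trust is a Premium-tier ACR feature, so a Standard registry cannot
# complete the trusted-image steps further down.
az acr create --resource-group az500-rg --name twaz500acr --sku Premium
# Sign into the registry
az acr login --name twaz500acr
# Pull and push an image
# The tag must carry the registry login server (<name>.azurecr.io); without it
# docker resolves "twaz500acr/..." against Docker Hub and the push never
# reaches ACR.
docker pull mcr.microsoft.com/hello-world
docker tag mcr.microsoft.com/hello-world twaz500acr.azurecr.io/hello-world:unsigned
docker push twaz500acr.azurecr.io/hello-world:unsigned
# List images
az acr repository list --name twaz500acr --output table
# Run image from registry
# This works only while DOCKER_CONTENT_TRUST is unset; once it is exported
# below, the client refuses tags that have no trust data.
docker run twaz500acr.azurecr.io/hello-world:unsigned

# Trusted image setup (enable content trust in ACR)
# Enable content trust (the registry argument is the registry name)
az acr config content-trust update --registry twaz500acr --status Enabled
# --disable-content-trust=false makes the build verify signed base images
docker build --disable-content-trust=false -t twaz500acr.azurecr.io/myimage:v1 .
# From here on every pull, push and run in this shell enforces content trust
export DOCKER_CONTENT_TRUST=1
# Grant signing permissions
# Scope the role to this one registry so the signer role is not granted more
# widely than needed. "<user name>" is a placeholder and is quoted so the
# shell does not read the angle brackets as redirections.
registry_id=$(az acr show --name twaz500acr --query id --output tsv)
az role assignment create --scope "$registry_id" --role AcrImageSigner --assignee "<user name>"
# Sign the image built above and review the signers recorded for the repository
docker trust sign twaz500acr.azurecr.io/myimage:v1
docker trust inspect --pretty twaz500acr.azurecr.io/myimage
# With DOCKER_CONTENT_TRUST=1 this push is signed as well
docker tag mcr.microsoft.com/hello-world twaz500acr.azurecr.io/hello-world:signed
docker push twaz500acr.azurecr.io/hello-world:signed
# MS Defender for Cloud for vulnerability scanning is configured separately;
# no CLI step for it is shown here.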