Question

How to set up the Lacework Proxy Scanner to integrate with a Sonatype Nexus Registry with multiple repositories?

  • 29 March 2024
  • 0 replies
  • 28 views

Userlevel 1
Badge

Instructions for how to create a proxy scanner integration can be found in the following documentation.  However, it is important to note that the example config.yml provided in the "Configure the Proxy Scanner" section is intended for a connection to a single Nexus repository with one domain/port.  If there is a need to have the proxy scanner to scan multiple repositories, the config.yml file for the proxy scanner needs to have multiple registry domains, one for each repository since in Nexus, repositories are configured and run on separate ports.  An example of a proxy scanner config.yaml file for multiple repositories can be found below. 
 

scan_public_registries: false
static_cache_location: /opt/lacework/cache
default_registry:
lacework:
account_name: lacework-account
integration_access_token: ****
registries:
- domain: NEXUS-FQDN:<port>
name: NEXUS1
ssl: true
is_public: false
credentials:
user_name: "userinregistry"
password: "*****"
notification_type: nexus
disable_non_os_package_scanning: false
go_binary_scanning:
enable: true
- domain: NEXUS-FQDN:<port>
name: NEXUS2
ssl: true
is_public: false
credentials:
user_name: "userinregistry"
password: "****"
notification_type: nexus
disable_non_os_package_scanning: false
go_binary_scanning:
enable: true

If deploying the proxy scanner via the admission controller integration to Kubernetes with helm use the same config.yml parameters as above, however the parameters must be added to a values.yaml file in order to work with the helm chart.  Reference the following documentation for details on the structure: Proxy_Scanner_Admission_Controller_Docs

Agent

N/A

Platform

Deploy Lacework/Installation

Cloud

N/A


0 replies

Be the first to reply!

Reply