Instructions for how to create a proxy scanner integration can be found in the following documentation. However, it is important to note that the example config.yml provided in the "Configure the Proxy Scanner" section is intended for a connection to a single Nexus repository with one domain/port. If there is a need to have the proxy scanner to scan multiple repositories, the config.yml file for the proxy scanner needs to have multiple registry domains, one for each repository since in Nexus, repositories are configured and run on separate ports. An example of a proxy scanner config.yaml file for multiple repositories can be found below.
scan_public_registries: false
static_cache_location: /opt/lacework/cache
default_registry:
lacework:
account_name: lacework-account
integration_access_token: ****
registries:
- domain: NEXUS-FQDN:<port>
name: NEXUS1
ssl: true
is_public: false
credentials:
user_name: "userinregistry"
password: "*****"
notification_type: nexus
disable_non_os_package_scanning: false
go_binary_scanning:
enable: true
- domain: NEXUS-FQDN:<port>
name: NEXUS2
ssl: true
is_public: false
credentials:
user_name: "userinregistry"
password: "****"
notification_type: nexus
disable_non_os_package_scanning: false
go_binary_scanning:
enable: trueIf deploying the proxy scanner via the admission controller integration to Kubernetes with helm use the same config.yml parameters as above, however the parameters must be added to a values.yaml file in order to work with the helm chart. Reference the following documentation for details on the structure: Proxy_Scanner_Admission_Controller_Docs.
Agent
N/A
Platform
Deploy Lacework/Installation
Cloud
N/A