# IaC on GCR Scan

{% embed url="https://youtu.be/uYTivs_22to" %}

### Prerequisites

* A Google account
* A project created in Google Console
* Private repositories with images in Google Container Registry

### Scan Public images

Go to **‘Applications’ -> ‘Scan’ -> ‘Other’ -> ‘GCR’** and enter the name of the image you want to scan:

<figure><img src="https://lh4.googleusercontent.com/OyYOKQmoHNRRwu1XoJEBDzm8g-fd9QYPXusqs2BmaKcCHgXO69KpK9sYZ9nIuVCK1vSiAGoY6TIBqNJBeGzW1ZyVGxhdWRW_WWuJz3e-4Jl0qGgw76DSgPVUVMzTxaQHSU_nppAG04YCUrYm0kkIQZ9IWH5v9mXnDra3-i9BvwCuu7PmNF7voJSzYA" alt=""><figcaption></figcaption></figure>

After the scan, a new application with the name of the image will be created:

<figure><img src="https://lh4.googleusercontent.com/UZjyQ5E1ksIt-3m65TF2jJQJPECnowIMMHCwKtAjBe9J5cocxO3VkX3GUWs4m0-hUdLRfznzLSY0RKV6I4A24W0hhogwG6Re67N6exbUw5pdr9OXJKHPvTVoneOuX0EsiK2QKRk5Rjx2f9iezAAzHkyACxy5Pu0nGds5RLA24AFDL3ZAZSJJKEZvMw" alt=""><figcaption></figcaption></figure>

### Scan Private images

#### Step 1: Create a Service account

Go to ‘Google console’ -> ‘IAM & Admin’ -> ‘Service accounts’ -> ‘Create service account’. Fill in ‘Service account name’ and ‘Service account ID’:

<figure><img src="https://lh4.googleusercontent.com/pKESeKQhJ3i9s8zbArY5e7zug4qQzvgcIliwlTeTys1BeP3pMlOknD22x04oDCTy39TJR0fFYV6uVrUgH8QoL2pBbLC5x_74zisFIX0CW86VDh_dgSzN3504JHl7l5Y4gKIP9CGSEMeSg83zCnhv3F86NPFxTGBS0Wzh3f9rac0lTFA6kz5Qf_EtmA" alt=""><figcaption></figcaption></figure>

In the next section, select the ‘Storage Object Viewer’ role:

<figure><img src="https://lh6.googleusercontent.com/aD_SQiYUoLBalVbySIoEmVTKz5UgTLscoUSXmVWz3hpQhiOpoR9mWO-8-Tt1Tzo4VTWdRj23pxpR81lXD35FjdCR8sj5HO-iSzTVubyG-aUEo26Xs0W6ZSuIsP7L4QapY7ZKw7oFCthEBrJRlA6Gkhj9QLzMERoOkxcQ2WmKdjh-dJ7s27GxOMMXFA" alt=""><figcaption></figcaption></figure>

Click on the created account and go to the ‘Keys’ tab. Create a JSON key:

<figure><img src="https://lh6.googleusercontent.com/NBlI26PATPQ6sf_Cf-1hcnydkBHoBI1TeOoI0o2MgtUrVpLW6UFHXjhnVrkNmmiV2BHvbyrGmLsJy5cpQA4puXZe94_07w49Ezw_Gp_fgx06dfbef8B1sHO1z1LyIACYyfE2BHDMFITFjPdgOY4qYECDHGAzeQqPG16z3i9LDKio3UoI9hBs844zIg" alt=""><figcaption></figcaption></figure>

The credentials file will download automatically.
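Before the key is uploaded in Step 2, it is worth confirming that the service account holds only the ‘Storage Object Viewer’ role (`roles/storage.objectViewer`). The following is an added example, not CloudDefense code: it checks a downloaded key file against a project IAM policy exported with `gcloud projects get-iam-policy PROJECT_ID --format=json`. The account name, project ID and sample data are constructed for illustration.

```python
import json

# 'Storage Object Viewer' as selected in Step 1
EXPECTED_ROLE = "roles/storage.objectViewer"

def roles_for(policy, sa_email):
    """Return the project-level roles bound directly to the service account."""
    member = "serviceAccount:" + sa_email
    return {b["role"] for b in policy.get("bindings", [])
            if member in b.get("members", [])}

def audit_scanner_account(key, policy):
    """Compare the downloaded key with the IAM policy; return a list of findings.
    Only project-level bindings are checked; bucket-level grants are out of scope."""
    findings = []
    if key.get("type") != "service_account":
        findings.append("key file is not a service account key")
    email = key.get("client_email", "")
    if not email:
        findings.append("key file has no client_email")
        return findings
    roles = roles_for(policy, email)
    if EXPECTED_ROLE not in roles:
        findings.append("missing role: " + EXPECTED_ROLE)
    for role in sorted(roles - {EXPECTED_ROLE}):
        findings.append("extra role: " + role)
    return findings

# Constructed sample data (hypothetical account and project, key material omitted)
SAMPLE_KEY = json.loads("""{
  "type": "service_account",
  "project_id": "example-project",
  "client_email": "gcr-scanner@example-project.iam.gserviceaccount.com",
  "private_key": "REDACTED"
}""")
SA = "serviceAccount:gcr-scanner@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/storage.objectViewer", "members": [SA]},
    {"role": "roles/editor", "members": ["user:dev@example.com", SA]},
]}

if __name__ == "__main__":
    for finding in audit_scanner_account(SAMPLE_KEY, SAMPLE_POLICY):
        print(finding)
```

An empty result means the account has the viewer role and nothing else at project level.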

#### Step 2: Add Google Container Registry integration in CloudDefense

Go to ‘Integrations’ -> ‘Container Coverage’ -> ‘Google Container Registry’. Choose the downloaded credentials file:

<figure><img src="https://lh5.googleusercontent.com/830hvhya33oknzF5ohescKnANf820LZd-NFCKQZ6OhDcsZOnBpFGdISC1NklXXs9eSTQmcA1zF-p_7TsSfXCF38_g3naJg3uYPOmfwC85q9PtLM10YgvG5eoisuI8GzZjzpzaaO3aD36OJf64lfbLLcQ9-_Rg-Ih7_UI-aXzoRogOuP1OvXBOT9g2A" alt=""><figcaption></figcaption></figure>

Click ‘Configure’.

#### Step 3: Scan your private images

After successful configuration, you can scan your own images.

Go to **‘Integrations’ -> ‘Container Coverage’ -> ‘Google Container Registry’** or **‘Applications’ -> ‘Scan’ -> ‘Other’ -> ‘Google Container Registry’ -> ‘Your own images’**. Choose the host and the image or images you want to scan:

<figure><img src="https://lh3.googleusercontent.com/i3eaj0AzOcJG2Kg23rE7MggfPFKvjCzZS65_hwnUQv1n5kVJJN8KruTmczyfYppOPYmUrx-tGPPNvydMR183MjLo7T7afFy3mtmU4qCPMboLJCE_A0Cu-zGpX-W-8Ek0DfJUyuHgwtVbPhaJnbsxxKCw_FVoB208nWocuxbB8k38lubmQt0aG7DAWA" alt=""><figcaption></figcaption></figure>
