Skip to main content

Creating a Personal Access Token

  1. Sign in to Docker Hub.
  2. Select your avatar in the top-right corner and from the drop-down menu select Account settings.
  3. Select Personal Access Tokens and then Generate New Token.
  4. Add a description for your token. Use something that indicates the use case or purpose of the token.
  5. Set the access permissions. The access permissions are scopes that set restrictions in your repositories. For example, for Read & Write permissions, an automation pipeline can build an image and then push it to a repository. However, it can not delete the repository.
  6. Select Generate and then copy the token that appears on the screen and save it. You won’t be able to retrieve the token once you close this prompt.

Add the container registry credentials to Start Left

  1. Sign in to the Start Left Platform, then navigate to the Data Sources page.
  2. Click on the Docker Hub card to open the integration page.
  3. Enter the following details:
    • Username: The username provided by the personal access token.
    • Access Token: The password/token provided by the personal access token creation step above.
  4. Click Next.
  5. Add the container image [namespace]/[image name]:[tag] you want to scan.
  6. Click Save to add the integration.
The selected container images will now appear as Unmanaged Assets. This is different from repos, for example, where all repos from the organization are auto-discovered. The containers can then be mapped to product(s). Once mapped, a scan will automatically be triggered. The results will be posted to the asset and product once the scan has completed.