Home Explore Blog CI



docker
1st chunk of `content/manuals/scout/integrations/registry/acr.md`
ac930d2f99402068b39b2d25c2d6b6be57fc35768fe387b20000000100000c32
---
description: Integrate Azure Container Registry with Docker Scout
keywords: docker scout, acr, azure, integration, image analysis, security, cves
title: Integrate Docker Scout with Azure Container Registry
linkTitle: Azure Container Registry
---

Integrating Docker Scout with Azure Container Registry (ACR) lets you view
image insights for images hosted in ACR repositories. After integrating Docker
Scout with ACR and activating Docker Scout for a repository, pushing an image
to the repository automatically triggers image analysis. You can view image
insights using the Docker Scout Dashboard, or the `docker scout` CLI commands.

## How it works

To help you integrate your Azure Container Registry with Docker Scout, you can
use a custom Azure Resource Manager (ARM) template that automatically creates
the necessary infrastructure in Azure for you:

- An EventGrid Topic and Subscription for Image push and delete events.
- A read-only authorization token for the registry, used to list repositories,
  and ingest the images.

When the resources have been created in Azure, you can enable the integration
for image repositories in the integrated ACR instance. Once you've enabled a
repository, pushing new images triggers image analysis automatically. The
analysis results appear in the Docker Scout Dashboard.

If you enable the integration on a repository that already contains images,
Docker Scout pulls and analyzes the latest image version automatically.

### ARM template

The following table describes the configuration resources.

> [!NOTE]
>
> Creating these resources incurs a small, recurring cost on the Azure account.
> The **Cost** column in the table represents an estimated monthly cost of the
> resources, when integrating an ACR registry that gets 100 images pushed per
> day.
>
> The Egress cost varies depending on usage, but it’s around $0.1 per GB, and
> the first 100 GB are free.

| Azure                   | Resource                                                                                   | Cost                                              |
| ----------------------- | ------------------------------------------------------------------------------------------ | ------------------------------------------------- |
| Event Grid system topic | Subscribe to Azure Container Registry events (image push and image delete)                 | Free                                              |
| Event subscription      | Send Event Grid events to Scout via a Webhook subscription                                 | $0.60 for every 1M messages. First 100k for free. |
| Registry Token          | Read-only token used for Scout to list the repositories, and pull images from the registry | Free                                              |

The following JSON document shows the ARM template Docker Scout uses to create
the Azure resources.

{{< accordion title="JSON template" >}}

{{< acr-template.inline >}}
{{ with resources.GetRemote "https://prod-scout-integration-templates.s3.amazonaws.com/latest/acr_token_template.json" }}
{{ $data := .Content | transform.Unmarshal }}
Title: Integrating Docker Scout with Azure Container Registry
Summary
This document describes how to integrate Docker Scout with Azure Container Registry (ACR) to view image insights for images hosted in ACR repositories. It explains the process, including using an Azure Resource Manager (ARM) template to automatically create the necessary infrastructure in Azure, such as an EventGrid Topic and Subscription, and a read-only authorization token. The document also details the resources created by the ARM template and their associated costs.