Docker Certified Associate Exam Course

Docker Trusted Registry

Demo Docker Trusted Registry

In this guide, we’ll walk through key Docker Trusted Registry (DTR) tasks—logging in via UI and CLI, configuring external URLs, creating repositories, pushing and scanning images, adjusting scan settings, and cleaning up images and repositories.

Table of Contents

  1. Accessing and Configuring DTR
  2. CLI Login to DTR
  3. Creating a Repository
  4. Pushing Images to DTR
  5. Scanning Images for Vulnerabilities
  6. Scanning an Older Image
  7. Adjusting Image Scan Settings
  8. Deleting Tags and Repositories

1. Accessing and Configuring DTR

  1. Open your browser and navigate to your DTR’s IP or DNS.
  2. Log in with your credentials.

Warning

If your DTR VM doesn’t have a persistent IP or DNS name, any change will break UI access. Always assign a static IP or DNS record.

  3. To update the external URL for DTR, run the reconfigure command from the docker/dtr image:

    docker run -it --rm docker/dtr reconfigure --dtr-external-url https://<NEW_DTR_IP_OR_URL>
    

2. CLI Login to DTR

On a machine with the UCP client bundle:

docker login 54.145.234.153
# Username (yogeshraheja): yogeshraheja
# Password:
# Login Succeeded

Note

If you see x509: certificate signed by unknown authority, add the DTR CA certificate to your Docker daemon trust store. See the Configuring your Docker Daemon section in the DTR User Guide.
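
The note above leaves the trust step to the user guide. As an added example (not from the course or from Docker's documentation), this script installs a DTR CA for the Docker daemon only after its SHA-256 fingerprint matches one obtained out-of-band. The function names, the already-downloaded PEM file and the fingerprint source are assumptions; /etc/docker/certs.d/<registry>/ca.crt is Docker's per-registry CA location.

```shell
#!/bin/sh
# Added example: pin, then install, a registry CA for the Docker daemon.
# Assumptions: the CA PEM is already saved locally and the expected SHA-256
# fingerprint came from the DTR administrator over a separate channel.

# Print a certificate's SHA-256 fingerprint as lowercase hex without colons.
# Prints nothing if the file is not a readable X.509 certificate.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null |
        sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# install_registry_ca <registry-host[:port]> <ca.pem> <expected-sha256> [certs-root]
# Returns 0 on install, 1 on fingerprint mismatch, 2 if the file is not a cert.
install_registry_ca() {
    registry=$1
    pem=$2
    root=${4:-/etc/docker/certs.d}
    # Accept the pin with or without colons, in either case.
    expected=$(printf '%s' "$3" | tr -d ': ' | tr 'A-F' 'a-f')
    actual=$(cert_fingerprint "$pem")

    if [ -z "$actual" ]; then
        echo "error: $pem is not a readable X.509 certificate" >&2
        return 2
    fi
    if [ "$actual" != "$expected" ]; then
        echo "error: CA fingerprint mismatch for $registry" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi

    # Trust this CA for this one registry only, not system-wide.
    mkdir -p "$root/$registry" &&
        cp "$pem" "$root/$registry/ca.crt" &&
        chmod 0644 "$root/$registry/ca.crt"
}

# Typical use (run as root; the fingerprint is a placeholder):
#   install_registry_ca 54.145.234.153 ./dtr-ca.pem "<SHA256_FROM_ADMIN>"
```

For a registry on a non-default port, pass host:port as the first argument so the directory name matches what you type in docker login.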

3. Creating a Repository

  1. In the DTR UI, click New Repository.
  2. Select Public, enter your namespace and repository name (e.g., yogeshraheja/kodekloud), and create the repository.

The image shows a Docker Enterprise Trusted Registry interface with a repository named "yogeshraheja / kodekloud" listed. The interface includes options for filtering namespaces and creating a new repository.

Within your repository you can:

  • Switch between the Info, Tags, and Promotions views
  • Edit the description
  • Manage access under Permissions
  • Delete the repository under Settings → Delete Repository

The image shows a Docker Enterprise Trusted Registry interface, displaying options for image scanning, pruning, and deleting a repository. The interface includes settings for scanning images on push or manually.

4. Pushing Images to DTR

  1. Pull a base image:

    docker pull alpine:latest
    
  2. Tag for your registry (default tag is latest):

    docker tag alpine:latest 54.145.234.153/yogeshraheja/kodekloud
    
  3. Add a version tag:

    docker tag alpine:latest 54.145.234.153/yogeshraheja/kodekloud:v1
    
  4. Push the image:

    docker push 54.145.234.153/yogeshraheja/kodekloud:v1
    
  5. Verify locally:

    docker image ls
    REPOSITORY                                TAG      IMAGE ID       SIZE
    54.145.234.153/yogeshraheja/kodekloud     latest   f70734b6a266   5.61MB
    54.145.234.153/yogeshraheja/kodekloud     v1       f70734b6a266   5.61MB
    

Refresh the DTR UI and check Tags for your image.

5. Scanning Images for Vulnerabilities

  1. In the Tags tab, select your v1 tag.

  2. Click Start a Scan or View Details:

    The image shows a Docker Enterprise Trusted Registry interface displaying a repository with a tag named "v1" for a Linux amd64 image. It includes details like image ID, size, signing status, last pushed time, and options for vulnerability scanning.

  3. View Layers and Components before scanning:

    1  ADD file:b91adb67b67… in /
    2  CMD ["/bin/sh"]
    
  4. After the scan completes, Components lists all packages:

    The image shows a Docker Enterprise Trusted Registry interface displaying details of a repository named "yogeshraheja/kodekloud:v1," including components like "alpine-keys" with no vulnerabilities.

  5. The Vulnerabilities tab should report zero issues.

6. Scanning an Older Image

Demonstrate vulnerabilities by pushing an older image:

docker pull yogeshraheja/result:v1
docker tag yogeshraheja/result:v1 54.145.234.153/yogeshraheja/kodekloud:v2
docker push 54.145.234.153/yogeshraheja/kodekloud:v2

Refresh and scan the v2 tag. You may see multiple vulnerabilities:

The image shows a Docker Enterprise Trusted Registry interface displaying details of a repository named "yogeshraheja/kodekloud:v2," including components, vulnerabilities, and their severity levels.

7. Adjusting Image Scan Settings

  1. In DTR UI, go to System → Security.

  2. Enable image scanning and choose Online or Offline CVE mode.

  3. Adjust scan timeout and review last CVE sync date:

    The image shows a Docker Enterprise Trusted Registry interface focused on security settings, specifically for image scanning methods and automatic scanning timeouts. It offers options for online and offline scanning and displays the last sync date and CVE database version.

8. Deleting Tags and Repositories

  • Delete a Tag: In Tags, select the tag (e.g., v2) → Delete → confirm by typing Delete.
  • Delete a Repository: In Settings, find Delete Repository, enter the repository name, and confirm.

Quick Reference Table

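| Operation                | CLI Command                                                             | UI Location                  |
|--------------------------|-------------------------------------------------------------------------|------------------------------|
| Update External URL      | docker run -it --rm docker/dtr reconfigure --dtr-external-url <URL>     | N/A                          |
| Login to DTR             | docker login <DTR_IP_OR_URL>                                            | N/A                          |
| Create Repository        | N/A                                                                     | New Repository               |
| Push Image               | docker tag, docker push                                                 | Tags                         |
| Scan for Vulnerabilities | N/A                                                                     | Tags → Start a Scan          |
| Configure Scan Settings  | N/A                                                                     | System → Security            |
| Delete Tag               | N/A                                                                     | Tags → Delete                |
| Delete Repository        | N/A                                                                     | Settings → Delete Repository |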
