Skip to main content
Google Container Registry (GCR) is Google Cloud’s managed Docker registry service. CybeDefend integrates with GCR to scan your container images using service account authentication.

CybeDefend Configuration

FieldDescriptionExample
GCP Project IDYour Google Cloud project IDmy-gcp-project-123
Registry HostnameGCR hostname for your regiongcr.io (Global/US)
Service Account Key (JSON)Full JSON content of service account key{"type": "service_account", ...}

Available Registry Hostnames

HostnameRegion
gcr.ioGlobal / United States
us.gcr.ioUnited States
eu.gcr.ioEurope
asia.gcr.ioAsia

How to Create a Service Account Key in GCP

1

Access GCP Console

Go to GCP Console → IAM & AdminService Accounts
2

Create or Select Account

Create a new service account or select an existing one
3

Assign Role

Grant the role Storage Object Viewer (read access) or Storage Admin (read/write)
4

Create Key

Create a new key in JSON format and download it
5

Paste JSON Content

Paste the complete JSON content in CybeDefend
The service account key JSON file contains sensitive credentials. Store it securely and never commit it to version control.

Security Best Practices

Least Privilege

Use Storage Object Viewer role for read-only access to images.

Rotate Keys

Rotate service account keys regularly to minimize security risks.

Use Workload Identity

Prefer Workload Identity over service account keys when possible.

Audit Access

Enable Cloud Audit Logs for monitoring and compliance.

Troubleshooting

  • Verify the JSON key is valid and complete
  • Check if the service account has been deleted or disabled
  • Ensure the project ID matches your registry
  • Verify the service account has Storage Object Viewer role
  • Check if Container Registry API is enabled