Permissions for GCR
1. Overview
Google Cloud Registry requires the storage.admin permission in order to enumerate repositories in a registry. Enumeration happens when a wildcard is used. If the credentials you pass into the Defender have read-only permissions, it will be able to scan specific repositories in the registry as expected, but wildcards will fail.
3. Steps to confirm the issue
- Scan a repository in your registry
- Add in a wildcard
- At this step nothing should happen. No progress bar, no errors.