⚠️ Unofficial translation - This documentation is an unofficial community translation of Docker's documentation.

Image Access Management

Subscription: Business
For: Administrators

Image Access Management gives you control over which types of images, such as Docker Official Images, Docker Verified Publisher Images, or community images, your developers can pull from Docker Hub.

For example, a developer who is part of an organization and is building a new containerized application could accidentally use an untrusted community image as a component of that application. This image could be malicious and pose a security risk to the company. Using Image Access Management, the organization owner can ensure that the developer can only access trusted content such as Docker Official Images, Docker Verified Publisher Images, or the organization's own images, preventing such a risk.

Prerequisites

You first need to enforce sign-in to ensure that all Docker Desktop developers authenticate with your organization. Because Image Access Management requires a Docker Business subscription, enforced sign-in ensures that only authenticated users have access and that the feature takes effect consistently across all users, even though it may still work without enforced sign-in.

Configure

  1. Sign in to the Admin Console.
  2. Select your organization in the left navigation drop-down menu, and then select Image access.
  3. Enable Image Access Management to set the permissions for the following categories of images you can manage:
  • Organization Images: Images from your organization are always allowed by default. These images can be public or private and are created by members within your organization.
  • Docker Official Images: A curated set of Docker repositories hosted on Hub. They provide OS repositories, best practices for Dockerfiles, drop-in solutions, and timely security updates.
  • Docker Verified Publisher Images: Images published by Docker partners that are part of the Verified Publisher program and are qualified to be included in the developer secure supply chain.
  • Community Images: These images are disabled by default when Image Access Management is enabled because various users contribute them and they may pose security risks. This category includes Docker-Sponsored Open Source images.
Note

Image Access Management is turned off by default. However, owners in your organization have access to all images regardless of the settings.

  4. Select the category restrictions for your images by selecting Allowed. Once the restrictions are applied, your members can view the organization permissions page in a read-only format.

Verify the restrictions

The new Image Access Management policy takes effect after the developer successfully authenticates to Docker Desktop using their organization credentials. If a developer attempts to pull a disallowed image type using Docker, they receive an error message.

Important

Organization management is moving to the Admin Console.

Manage members, teams, settings, and activity logs in the Docker Admin Console. Access to these features in Docker Hub will end soon. Explore the Admin Console.

  1. Sign in to Docker Hub.
  2. Select My Hub, select your organization in the left navigation drop-down menu, and then select Image access.
  3. Enable Image Access Management to set the permissions for the following categories of images you can manage:
  • Organization Images: Images from your organization are always allowed by default. These images can be public or private and are created by members within your organization.
  • Docker Official Images: A curated set of Docker repositories hosted on Hub. They provide OS repositories, best practices for Dockerfiles, drop-in solutions, and timely security updates.
  • Docker Verified Publisher Images: Images published by Docker partners that are part of the Verified Publisher program and are qualified to be included in the developer secure supply chain.
  • Community Images: These images are disabled by default when Image Access Management is enabled because various users contribute them and they may pose security risks. This category includes Docker-Sponsored Open Source images.
Note

Image Access Management is turned off by default. However, owners in your organization have access to all images regardless of the settings.

  4. Select the category restrictions for your images by selecting Allowed. Once the restrictions are applied, your members can view the organization permissions page in a read-only format.

Verify the restrictions

The new Image Access Management policy takes effect after the developer successfully authenticates to Docker Desktop using their organization credentials. If a developer attempts to pull a disallowed image type using Docker, they receive an error message.
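
A pre-check that complements the verification step above, added here as an example and not part of Docker's documentation: it sorts the `FROM` references of a Dockerfile into the categories the policy distinguishes, so base images that fall outside Organization Images and Docker Official Images are reviewed before a developer runs into the pull error. The namespace `acme`, the sample Dockerfile and the category labels are constructed assumptions; Verified Publisher status cannot be derived from an image name, so those images are reported as `needs-review`.

```python
import re

ORG_NAMESPACE = "acme"  # assumption: your organization's Docker Hub namespace
HUB_HOSTS = {"docker.io", "index.docker.io", "registry-1.docker.io"}
FROM_RE = re.compile(r"^[ \t]*FROM[ \t]+(?:--platform=\S+[ \t]+)?(\S+)(?:[ \t]+AS[ \t]+(\S+))?", re.I | re.M)
# Constructed sample input, not taken from any real project.
SAMPLE_DOCKERFILE = """\
FROM --platform=linux/amd64 python:3.12-slim AS build
FROM acme/base-runtime:1.4 AS runtime
FROM someuser/handy-tools:latest
FROM ghcr.io/example/tool:1.0
FROM build
"""

def split_reference(ref):
    """Return (registry, repository) for an image reference, without tag or digest."""
    ref = ref.split("@", 1)[0]                      # drop digest
    first, sep, rest = ref.partition("/")
    # The first path component is a registry host only if it looks like one.
    if sep and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = "docker.io", ref
    if path.rfind(":") > path.rfind("/"):           # drop tag
        path = path[:path.rfind(":")]
    hub = registry in HUB_HOSTS
    if hub and "/" not in path:                     # bare names live under library/
        path = "library/" + path
    return ("docker.io" if hub else registry), path

def classify(ref, org=ORG_NAMESPACE):
    registry, repo = split_reference(ref)
    if registry != "docker.io":
        return "non-hub"        # the policy described here governs pulls from Docker Hub
    namespace = repo.split("/", 1)[0]
    if namespace == "library":
        return "official"
    return "organization" if namespace == org else "needs-review"

def audit_dockerfile(text, org=ORG_NAMESPACE):
    """List (image, category) for every external base image in a Dockerfile."""
    stages, findings = set(), []
    for m in FROM_RE.finditer(text):
        image, alias = m.groups()
        if image.lower() != "scratch" and image.lower() not in stages:
            findings.append((image, "unresolved" if "$" in image else classify(image, org)))
        if alias:
            stages.add(alias.lower())               # later "FROM <stage>" is not a pull
    return findings
```

Running `audit_dockerfile(SAMPLE_DOCKERFILE)` in CI and failing on any `needs-review` entry gives a review gate that matches a policy where community images stay disabled.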
