Registry Image Sweep
registry_sweep_scanEnumerate every repository and tag in a cloud container registry, deduplicate by digest, and perform read-only security scans with an optional image cap.
Instructions
Sweep an entire cloud container registry: enumerate every repo+tag, dedupe by digest, cap, and scan each (read-only).
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| region | No | AWS region (ecr only). | |
| profile | No | AWS credential profile (ecr only). | |
| project | No | GCP project id (gar only). | |
| location | No | GAR location/multi-region, e.g. 'us' (gar only). | |
| provider | Yes | Container registry to sweep: 'ecr' (AWS), 'acr' (Azure), or 'gar' (GCP Artifact Registry). | |
| registry | No | ACR login server, e.g. 'myacr.azurecr.io' (acr only). | |
| max_images | No | Cap on images scanned (default: AGENT_BOM_REGISTRY_MAX_IMAGES or 50). |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |