Prowler’s Image provider enables container image security scanning using Trivy. No authentication is required for public images. For private registries, Prowler supports the authentication methods below and uses the first available one, in this priority order.

Basic Authentication (Environment Variables)

To authenticate with a username and password, set the REGISTRY_USERNAME and REGISTRY_PASSWORD environment variables. Prowler passes these credentials to Trivy, which handles authentication with the registry transparently:

export REGISTRY_USERNAME="myuser"
export REGISTRY_PASSWORD="mypassword"

prowler image -I myregistry.io/myapp:v1.0

Both variables must be set for this method to activate.

Token-Based Authentication

To authenticate using a registry token (such as a bearer or OAuth2 token), set the REGISTRY_TOKEN environment variable. Prowler passes the token directly to Trivy:

export REGISTRY_TOKEN="my-registry-token"

prowler image -I myregistry.io/myapp:v1.0

This method is useful for registries that support token-based access without requiring a username and password.

Manual Docker Login (Fallback)

If no environment variables are set, Prowler relies on existing credentials in Docker’s credential store (~/.docker/config.json). To configure credentials manually before scanning:

docker login myregistry.io

prowler image -I myregistry.io/myapp:v1.0

This method is available in Prowler CLI only. In Prowler Cloud, use basic authentication or token-based authentication instead.
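
A preflight check for the selection rules above, added here as an example and not taken from Prowler or its documentation: it reports which method would be picked for a registry and warns when basic authentication is only half configured and therefore skipped. The function name `registry_auth_method` is hypothetical; it assumes the priority order is the order of the sections on this page, treats an empty variable as unset, and uses a plain text match on the Docker config file as a heuristic.

```shell
#!/usr/bin/env bash
# Added example (not Prowler code). Hypothetical helper that mirrors the
# selection rules on this page without ever printing a secret value.
# Usage: registry_auth_method myregistry.io && prowler image -I myregistry.io/myapp:v1.0

# Prints one of: basic | token | docker-config | none
# Returns non-zero when no credential source is found.
registry_auth_method() {
    local registry="$1"
    # DOCKER_CONFIG is Docker's override for the config directory.
    local cfg="${DOCKER_CONFIG:-$HOME/.docker}/config.json"

    # Basic auth activates only when BOTH variables are set.
    # Assumption: an empty value counts as unset.
    if [ -n "${REGISTRY_USERNAME:-}" ] && [ -n "${REGISTRY_PASSWORD:-}" ]; then
        echo basic
        return 0
    fi

    # One variable without the other means basic auth is skipped and a
    # lower-priority method is used instead, so say so.
    if [ -n "${REGISTRY_USERNAME:-}" ] || [ -n "${REGISTRY_PASSWORD:-}" ]; then
        echo "warning: only one of REGISTRY_USERNAME/REGISTRY_PASSWORD is set; basic auth will not activate" >&2
    fi

    if [ -n "${REGISTRY_TOKEN:-}" ]; then
        echo token
        return 0
    fi

    # Fallback: heuristic check that `docker login` left an entry for this
    # registry host in the config file (the secret itself may live in a
    # credential helper, so only the host name is matched).
    if [ -f "$cfg" ] && grep -qF "\"$registry\"" "$cfg"; then
        echo docker-config
        return 0
    fi

    echo none
    return 1
}
```

Running it at the start of a CI job makes a fall-through to a lower-priority method visible before the scan fails with a registry authorization error.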