Goal Summary:

In some environments, all clusters (including Central), share the same ImageTagMirrorSet and ImageDigestMirrorSet configuration and already have access to the same image registries.

In such cases, Central should be able to use its own configured registry credentials to pull and scan all images directly.

This enhancement would let Central use the mirrored registries already defined in ITMS/IDMS, avoiding duplicate scanner deployments across clusters.

Goals and expected user outcomes:

• Central can pull images from registries it already has access to, using OpenShift's configurd registry credentials.

• No need to configure Delegated Scanning or manual integrations in this situation.

• Ideal for large-scale environments (e.g., 150 clusters) with a shared ImageTagMirrorSet/ImageDigestMirrorSet

• Users benefit from simpler configuration, lower cost, and consistent scan results.

Acceptance Criteria:

• Central can scan images using OpenShift registry credentials.

• Works with existing registry configs (ImageTagMirrorSet,ImageDigestMirrorSet)

Success Criteria or KPIs measured:

• Increased cost reduction compatered to delegated scanning in large environments.

• Fewer manual steps for setup.

• Improved scan coverage when using registry mirroring.

Use Case:

• A customer with 200+ OpenShift clusters sharing the same ImageTagMirrorSet and registry credentials wants to perform centralized image scanning.

• • Before: Required deploying and maintaining Delegated Scanning on each cluster.

• • After: Central directly pulls and scans images using the in-cluster registry credentials, avoiding the need for additional components.