Quay Container Security Operator unable to use local repository for security-scan definitions

Solution In Progress - Updated -


  • A Quay instance has been setup using the Quay Operator in RHOCP v4.
  • The Quay Container Security Operator (CSO) has also been deployed, however the CSO does not use any of the security-scan definitions provided by the local Quay instance and is only listing security issues for images pulled from Quay.io.


  • Red Hat OpenShift Container Platform
    • 4.5
  • Quay Operator
  • Quay Container Security Operator
  • The local Quay repository has been deployed with self-signed certificates.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In