Step 1:

Sign Up for Container Security

To purchase Container Security, customers can visit the Container Security screen in the Armor Management Portal (AMP). 

  1. Log into AMP

  2. In the left-hand menu, click “MARKETPLACE” to display the AMP Marketplace

  3. Navigate to the Security & Compliance section

  4. Click the Container Security card

If Container Security is not displayed in the AMP Marketplace, you may not have permission to access it. Please consult your account administrator for assistance.

After reviewing the features & benefits, proceed by clicking the Let's Get Started button. This action automatically generates an Armor Ticketing System (ATS) ticket, which is used to track setup of your Container Security subscription. Please anticipate a one (1) business day turnaround for Armor to provision your licenses and set up your account.

Once provisioning is complete, the next time you visit the Container Security section, you will be prompted to start using the solution and configure your first Connector.

Step 2:

Configure Your Public Cloud Container Registries

In the Armor Management Portal, the Containers section is separated into three tabs: Images, Registries, and Connectors. For each public cloud registry you wish to configure, you will start by configuring its corresponding Connector. In addition, you will need to set up at least one container sensor, which provides the Armor security platform with visibility into your registries.


Container Security supports the following public cloud container registries:

  • AWS Elastic Container Registry (ECR)

  • Azure Container Registry

  • Google Cloud Container Registry

  • Docker Hub


Connectors

Connectors give the Armor security platform permission to access your public cloud infrastructure. The connectors you configure for Container Security are different from the connectors you may configure for other features such as Cloud Security Posture Management or Log Relay.

You will need one connector per public cloud registry you wish to eventually configure.

View Existing Connectors

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Container Security.

  3. Click the Connectors tab.

Column

Description



Create a New Connector

After you configure your first connector, use the following instructions to configure subsequent connectors:

  1. Click the New Connector button at the top-right of the screen.

  2. Armor enables users to create a Connector by Registry Type. Use the list to select the appropriate Registry Type. 

    1. AWS ECR

    2. Azure ACR

    3. Google CR

    4. Docker Hub

  3. Click the NEXT button.

  4. The Connector Details form is predetermined by the Registry Type selected. Fill out the appropriate information requested per your chosen Registry Type. 

    Registry Type: Fields Requested

    • AWS ECR: Name, Role ARN

    • Azure ACR: TBD

    • Google CR: TBD

    • Docker Hub: TBD

  5. Click the NEXT button.

  6. Confirm the values below before submitting.

    1. Click the DONE button if correct.

    2. Use the BACK button to correct previously entered information.

  7. Click the DONE button.
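
A check a reviewer could run on the IAM role behind the Role ARN before entering it in the AWS ECR Connector Details form. This is an added example, not Armor's code or requirements: the page does not state which permissions the role needs, so the read-only ECR allowlist and the ExternalId check are assumptions based on general AWS cross-account guidance, and the policies, account ID and function names are constructed.

```python
import json

# Constructed sample policies; the account ID and ExternalId are placeholders, not Armor's.
TRUST_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}
  }]
}""")
PERMISSIONS_POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": ["ecr:GetAuthorizationToken", "ecr:DescribeRepositories",
               "ecr:ListImages", "ecr:BatchGetImage", "ecr:PutImage"],
    "Resource": "*"
  }]
}""")

# Assumption: a scanner only needs to read images, so only read-style ECR actions pass.
READ_PREFIXES = ("ecr:get", "ecr:describe", "ecr:list", "ecr:batchget", "ecr:batchcheck")

def _listify(value):
    return value if isinstance(value, list) else [value]

def _allow_statements(policy):
    return [s for s in _listify(policy.get("Statement", [])) if s.get("Effect") == "Allow"]

def audit_trust(policy):
    """Flag trust statements open to any principal or lacking an ExternalId condition."""
    findings = []
    for stmt in _allow_statements(policy):
        principal = stmt.get("Principal", {})
        aws = _listify(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in aws:
            findings.append("trust: any AWS principal can assume this role")
        if not stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId"):
            findings.append("trust: no sts:ExternalId condition")
    return findings

def audit_permissions(policy):
    """Flag every allowed action that is not a read-style ECR action (case-insensitive)."""
    return [f"permissions: non-read action {a}"
            for s in _allow_statements(policy) for a in _listify(s.get("Action", []))
            if not a.lower().startswith(READ_PREFIXES)]

if __name__ == "__main__":
    for finding in audit_trust(TRUST_POLICY) + audit_permissions(PERMISSIONS_POLICY):
        print(finding)
```

With the sample documents, the trust policy passes and the permissions policy is flagged for `ecr:PutImage`, a write action a scanning role would not be expected to hold.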

Delete an Existing Connector

Registries

Once you have configured a connector, you need to configure a registry. Registries inform the Armor Security Platform where to find your container images, and which repositories and tags are in scope for vulnerability scanning.

Before you configure container registries, at least one container sensor must be installed. The Armor Management Portal (AMP) will ensure you have completed sensor installation before you configure your first registry.

Sensor installation instructions are available here.

View Existing Registries

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Container Security.

  3. Click the Registries tab.

Column

Description

Registry


Total Repositories


Last Scanned


Total Images


Vulnerabilities


Status


Add a New Registry

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Container Security.

  3. Click the Registries tab.

  4. Click the New button at the top-right of the screen.

  5. In the button options, select New Registry.

Delete an Existing Registry

Step 3:

Scan The Contents Of Your Registries

Once you have configured a registry, the Armor security platform begins to review its content. Based on the repository names and tags provided, matching container images are cataloged then scanned for vulnerabilities. Initial scan results are typically available within Image Added hours, while refreshed results are available on a daily basis.

As Armor’s security platform discovers container images and their vulnerabilities, your scan results can be viewed under the Images tab of the Container Security section.

Step 4:

Take Action to Remediate Vulnerabilities

The Images tab of the Container Security section catalogs your images, while the Vulnerability Scanning section allows you to manage their vulnerabilities alongside those of other assets like virtual machines.

The Vulnerability Scanning section can be filtered to show vulnerabilities for a single container image at a time and/or different severities.

View Existing Container Images

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Container Security.

  3. The Images tab is displayed by default.

Column

Description


View Vulnerabilities for a Single Container Image

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Container Security.

  3. The Images tab is displayed by default.

  4. For the container image you wish to review, hover to the right of its name to display a contextual menu icon.

  5. Click the icon, then select View Vulnerabilities.

  6. You will be redirected from the Container Security section to the Vulnerability Scanning section, with an Asset ID filter being enforced.

The Asset ID filter limits the vulnerability scan results to those applicable to the current container image. It works in combination with other searches & filters currently in effect, and it will continue to be applied until cleared.

For instructions on how to manage your vulnerabilities within the Vulnerability Scanning section, please visit our Vulnerability Scanning documentation module.