Sensors

...

Sensor installation must come before adding a registry.

...

With the exception of Docker Hub, each registry type requires setup to be in place before you configure connectors within the Armor Management Portal (AMP). Follow the vendor-specific instructions below.

AWS Elastic Container Registry

Create IAM Role

  1. Log in to Amazon Web Services (AWS) Console.

  2. Go to the IAM service.

  3. Go to Roles and click Create Role.

  4. Under "Select type of trusted entity" choose Another AWS account. Then:

    a. Paste in the Qualys AWS Account ID (from connector details).

    b. Select Require external ID and paste in the External ID (from connector details).

    c. Click Next: Permissions.

  5. Find the policy titled "AmazonEC2ContainerRegistryReadOnly" and select the check box next to it.

  6. Enter a role name (e.g. CMS) and click Create role.

  7. Click on the role you just created to view details. Copy the Role ARN value and paste it into the connector details.
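To confirm that the finished role matches steps 4 and 5, the check below takes the role's trust policy document and its attached policy names and reports any deviation. It is an added example, not Armor's or Qualys's code; the account ID, external ID, sample policy and the function name `check_role` are constructed for illustration.

```python
# Constructed sample values; use the IDs shown in your own connector details.
ACCOUNT_ID = "111122223333"
EXTERNAL_ID = "example-external-id"
READ_ONLY_POLICY = "AmazonEC2ContainerRegistryReadOnly"  # policy named in step 5

# Constructed trust policy in the shape produced by steps 4a-4b.
SAMPLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}},
    }],
}

def _as_list(value):
    """IAM allows a single value or a list in most positions."""
    return [] if value is None else value if isinstance(value, list) else [value]

def _account_of(principal):
    """Accept a bare account ID or an IAM ARN and return the account ID."""
    parts = str(principal).split(":")
    return parts[4] if parts[0] == "arn" and len(parts) > 4 else parts[0]

def check_role(trust_policy, attached_policies, account_id, external_id):
    """Return findings; an empty list means the role matches steps 4-5."""
    findings = []
    allows = [s for s in _as_list(trust_policy.get("Statement"))
              if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("trust policy has no Allow statement")
    for stmt in allows:
        principal = stmt.get("Principal")
        if not isinstance(principal, dict) or set(principal) != {"AWS"}:
            findings.append(f"principal is not restricted to an AWS account: {principal!r}")
        else:
            for p in _as_list(principal["AWS"]):
                if _account_of(p) != account_id:
                    findings.append(f"unexpected trusted principal: {p}")
        # Condition keys are case-insensitive, so compare on the lowercased key.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ext = {k.lower(): v for k, v in equals.items()}.get("sts:externalid")
        if _as_list(ext) != [external_id]:
            findings.append("sts:ExternalId condition missing or not the connector's value")
    if sorted(set(attached_policies)) != [READ_ONLY_POLICY]:
        findings.append(f"attached policies should be only {READ_ONLY_POLICY}: {sorted(attached_policies)}")
    return findings
```

The trust policy JSON to feed in is shown on the role's Trust relationships tab in the IAM console.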

...

Azure Container Registry

Step 1: Create Application and get Application Id & Client Secret
  1. Log on to Microsoft Azure portal, navigate to Azure Active Directory then to App Registrations.

  2. Click on New Registration and provide the following details:

    a. Name: A name for the application.

    b. Supported account types: Single Tenant and Accounts in this organizational directory only.

  3. Click on Register.

  4. Copy the Application (client) ID.

  5. Navigate to Certificates & secrets on the left panel, then generate a client secret by clicking on New Client Secret and providing the following details:

    1. Description: A description of the client secret.

    2. Expires: Never.

    3. Click on Add.

    4. Copy the Client secret that is generated.

Step 2: Assigning Service Principal

  1. Log on to Microsoft Azure portal.

  2. In the left panel, navigate to Container registries and then Access control (IAM).

  3. Navigate to Role assignments.

  4. Click Add, then the Add Role assignment option, and provide the following details:

    1. Role: Contributor.

    2. Assign access to: Azure AD user, group or service principal.

    3. Select: Application created with client secret.

    4. Click on Save.

Step 3: Provide Configuration Details to Armor

Add the Application ID and Client Secret to the Connector Details screen within the Armor Management Portal (AMP).

...

Google Cloud Container Registry

Step 1: Enabling Access Within API Library
  1. Log in to the Google Cloud Platform (GCP) console.

  2. Select an organization.

  3. Select a project or create a new project. Ensure that you select the correct project.

  4. In the left sidebar, navigate to APIs and Services.

  5. Search for Compute Engine API in the API Library, click Manage and then click Enable API. Similarly, enable Cloud Resource Manager API, Compute Engine API, Kubernetes Engine API and Cloud SQL Admin API from the API library.

Step 2: Setting Up A Service Account
  1. Log in to the GCP console and select a project.

  2. From the left sidebar, navigate to IAM & admin > Service accounts.

  3. Click CREATE SERVICE ACCOUNT.

  4. Provide a name and description (optional) for the service account and click CREATE.

  5. Choose the Viewer and Security Reviewer roles to assign at least reader permissions to the service account, then click CONTINUE.

  6. Click CREATE KEY.

  7. Select JSON as Key type and click CREATE. A message saying "Private key saved to your computer" is displayed and the JSON file is downloaded to your computer.

  8. Click CLOSE and then click DONE.

Step 3: Provide Configuration File to Armor

Once you have downloaded your configuration file, add it to the Connector Details screen within the Armor Management Portal (AMP).

...

Install and Manage

Containers FAQ

...