Getting Started

...


Product Overview


Armor Agent (AA) for Containers helps organizations detect and address pre-runtime container image vulnerabilities that might otherwise lead to a breach, adhere to compliance mandates, and increase security within software development and operations (DevOps) environments. This feature supports the leading public cloud container registries.


In the Armor Management Portal (AMP), users can find a dedicated screen available for managing Containers.

...

...

Note

To use this screen, users will need the following permissions:

  • Read Container Security Accounts

  • Read Container Security Vendor Types

  • Read Container Security Registries

  • Write Container Security Registries

  • Read Container Security Sensors

  • Read Container Security Connectors

  • Write Container Security Connectors


Containers Connectors supports the following public cloud container registries:

  1. AWS Elastic Container Registry (ECR)

  2. Azure Container Registry (ACR)

  3. Google Cloud Container Registry

  4. Docker Hub

...

In the Armor Management Portal, the Containers screen is separated into four tabs: Overview, Registries, Containers, and Connectors.

Registries Tab

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.
  2. Click Container Security.
  3. Click the Registries tab.

The Registries tab displays active Registries across all providers. 

...

Vulnerabilities

...

View a Registry

To view a Registry, click the Registry name link in the Registry column.

Create a New Registry

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.
  2. Click Container Security.
  3. Click the Registries tab.
  4. Click the New Registry button at the top left of the screen.

Containers Tab

The Containers tab displays Containers, including a dashboard for vulnerabilities at the top of the screen. 

...

State

...

View Container Connections

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.
  2. Click Container Security.
  3. Click the Connections tab.

Add a Container Connector

By providing the same inputs as required by the API, users can pick from a list of supported public cloud container registry vendors. The screen will hide or show fields as necessary to gather the specific data required by the selected registry vendor.

...

  1. AWS ECR

  2. Azure ACR

  3. Google CR

  4. Docker Hub

...

The Connector Details form is predetermined by the Registry Type selected. Fill out the appropriate information requested per your chosen Registry Type. 

...

  • Name
  • Role ARN

...

  1. Click the DONE button if correct.
  2. Use the BACK button to correct previously entered information. 

...

Note

Limitation on Supported AWS Regions

The following AWS Regions are not yet supported when configuring a Container Registry within the Armor platform:

  • AWS GovCloud (US-East)

  • AWS GovCloud (US-West)

  • US East (Ohio)

About Containers


Containers

Containers are a standardized unit or package of software that enables consistency when running applications from one environment to another. As more companies develop applications in the cloud or move platforms to microservices architecture, containers become a useful way to make that work happen. For more information on containers, please visit Docker's documentation.


Images

An image includes all the dependencies (such as frameworks) plus deployment and execution configuration to be used by a container runtime. Usually, an image derives from multiple base images that are layers stacked on top of each other to form the container's filesystem. An image is immutable once it has been created.

Registries

Registries inform the Armor Security Platform where to find your container images, and which repositories and tags are in-scope for vulnerability scanning.

Registry names do not reflect values from AWS, Azure, etc. Registry names in AMP are internal "friendly" names.


Connectors

Connectors give the Armor Security Platform permission to access your public cloud infrastructure. The connectors you configure for Container Security are different from connectors you may configure for other features such as Cloud Security Posture Management or Log Relay.

You will need one connector per public cloud registry you wish to eventually configure.



Sensors

A sensor is packaged and delivered as a Docker image and can be deployed as a container alongside other application containers. The sensor automatically discovers images and containers on a deployed host and scans them for vulnerabilities.

Sensor installation instructions are available here.

Vulnerabilities

Vulnerabilities are weaknesses that threat actors exploit to gain unauthorized access to computer systems. Once exploited, attackers can run malicious code, install malware and steal data.

Pricing


Container Security is priced based on the number of connectors you have configured. Current pricing can be found on the sign-up page within the Armor Management Portal (AMP).

Each connector configured requires a 12-month subscription. For example, when configuring a new connector today, it first appears on next month's invoice, then on monthly invoices going forward for the remainder of a calendar year.
