Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

Step 1:

Sign Up for Container Security

To purchase Container Security, customers can visit the Container Security screen in the Armor Management Portal (AMP). 

  1. Log into AMP

  2. In the left-hand menu, click “MARKETPLACE” to display the AMP Marketplace

  3. Navigate to the Security & Compliance section

  4. Click the Container Security card

If Container Security is not displayed in the AMP Marketplace, you may not have permission to access it. Please consult your account administrator for assistance.

After reviewing the features & benefits, proceed by clicking the Let's Get Started button. This action automatically generates an Armor Ticketing System (ATS) ticket, which is used to track setup of your Container Security subscription. Please anticipate an one (1) business day turnaround for Armor to provision your licenses and setup your account. 

Once provisioning is complete, the next time you visit the Container Security section, you will be prompted to start using the solution and configure your first Connector.

Step 2:

Configure Your Public Cloud Container Registries

In the Armor Management Portal, the Containers section is separated into three tabs: Images, Registries, Connectors. For each public cloud registry you wish to configure, you will start by configuring its corresponding Connector. In addition, you will need to setup at least one container sensor, which provides the Armor security platform with visibility into your registries.


Container Security supports the following public cloud container registries:

  • AWS Elastic Container Registry (ECR)

  • Azure Container Registry

  • Google Cloud Container Registry

  • Docker Hub


Connectors

Connectors give the Armor security platform permission to access your public cloud infrastructure. The connectors you configure for Container Security are different than connectors you may configure for other features such as Cloud Security Posture Management or Log Relay.

You will need one connector per public cloud registry you wish to eventually configure.

View Existing Connectors

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Container Security.

  3. Click the Connectors tab.

Column

Description


Create a New Connector

After you configure your first connector, use the following instructions to configure subsequent connectors:

  1. Click the New Connector button at the top-right of the screen.

  2. Armor enables users to create a Connector by Registry Type. Use the list to select the appropriate Registry Type. 

    1. AWS ECR

    2. Azure ACR

    3. Google CR

    4. Docker Hub

  3. Click the NEXT button.

  4. The Connector Details form is predetermined by the Registry Type selected. Fill out the appropriate information requested per your chosen Registry Type. 

  5. Registry TypeFields RequestedAWS ECR

    • Name

    • Role ARN

    Azure ACRTBDGoogle CRTBDDocker HubTBD

  6. Click the NEXT button. 

  7. Confirm the values below before submitting.

    1. Click the DONE button if correct.

    2. Use the BACK button to correct previously entered information. 

  8. Click the DONE button. 

Delete an Existing Connector

Registries

Once you have configured a connector, you need to configure a registry. Registries inform the Armor Security Platform where to find your container images, and which repositories and tags are in-scope for vulnerability scanning.

Ahead of configuring container registries, at least one container sensor must be installed in advance. The Armor Management Portal (AMP) will ensure you have completed sensor installation ahead of configuring your first registry.

Sensor installation instructions are available here.

View Existing Registries

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Container Security.

  3. Click the Registries tab.

Column

Description

Registry


Total Repositories


Last Scanned


Total Images


Vulnerabilities


Status


Add a New Registry

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Container Security.

  3. Click the Registries tab.

  4. Click the New button at the top-right of the screen.

  5. In the button options, select New Registry.

Delete an Existing Registry

Step 3:

Scan The Contents Of Your Registries

Once you have configured a registry, the Armor security platform begins to review its content. Based on the repository names and tags provided, matching container images are cataloged then scanned for vulnerabilities. Initial scan results are typically available within hours, while refreshed results are available on a daily basis.

As Armor’s security platform discovers container images and their vulnerabilities, your scan results can be viewed under the Images tab of the Container Security section.

Step 4:

Take Action to Remediate Vulnerabilities

The Images tab of the Container Security section catalogs your images, while the Vulnerability Scanning section allows you to manage their vulnerabilities alongside those of other assets like virtual machines.

The Vulnerability Scanning section can be filtered to show vulnerabilities for a single container image at a time and/or different severities.

View Existing Container Images

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Container Security.

  3. The Images tab is displayed by default.

Column

Description

View Vulnerabilities for a Single Container Image

  1. In the Armor Management Portal (AMP), in the left-side navigation, click Security.

  2. Click Container Security.

  3. The Images tab is displayed by default.

  4. For the container image you wish to review, hover to the right of its name to display a contextual menu icon.

  5. Click the icon, then select View Vulnerabilities.

  6. You will be redirected from the Container Security section to the Vulnerability Scanning section, with an Asset ID filter being enforced.

The Asset ID filter limits the vulnerability scan results to those applicable to the current container image. It works in combination with other searches & filters currently in-effect, and it will continue to be applied until cleared.

For instructions on how to manage your vulnerabilities within the Vulnerability Scanning section, please visit our Vulnerability Scanning documentation module.

  • No labels