
Containers

What is Container Security?

Containers are a standardized unit or package of software that enables consistency when running applications from one environment to another. As more companies develop applications in the cloud or move platforms to microservices architecture, containers become a useful way to make that work happen. For more information on containers, please visit Docker's documentation.


Does Container Security use the Armor Agent?

No. By the nature of container design, including its abstraction of the containerized application from the container host’s operating system, the Armor Agent does not have visibility into the container images themselves. For this, you would instead configure a container sensor.

Besides using a sensor in conjunction with your container images, Armor recommends that you install the Armor Agent on the container hosts themselves. This combination provides the maximum possible security value for your container-based workloads.


How am I charged for Container Security?

Lorem ipsum

Connectors

Registries and Sensors

What is a sensor?

The container sensor is a Docker image, which you will deploy as a container alongside others on a container host. The sensor discovers and catalogs images within your configured container registries, scans for those that are vulnerable, and delivers its scan results to the Armor platform for reporting and remediation. The sensor container runs in non-privileged mode. It requires persistent storage for storing and caching files.

Installing at least one sensor is a prerequisite to configuring your container registry.
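
The following is an added example, not Armor's own tooling: a check over `docker inspect` output that confirms a deployed container has the two properties stated above (non-privileged mode, persistent storage). The container names, paths and sample JSON are constructed placeholders, and the added-capabilities check goes beyond what this page states.

```python
import json

# Constructed sample of `docker inspect <container>` output, trimmed to the
# fields checked below. Container names and paths are placeholders.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/sensor-ok",
   "HostConfig": {"Privileged": false, "CapAdd": null},
   "Mounts": [{"Type": "volume", "Name": "sensor-data",
               "Destination": "/data", "RW": true}]},
  {"Name": "/sensor-privileged",
   "HostConfig": {"Privileged": true, "CapAdd": ["SYS_ADMIN"]},
   "Mounts": [{"Type": "bind", "Source": "/srv/sensor",
               "Destination": "/data", "RW": true}]},
  {"Name": "/sensor-no-storage",
   "HostConfig": {"Privileged": false, "CapAdd": []},
   "Mounts": [{"Type": "tmpfs", "Destination": "/data", "RW": true}]}
]
""")

def audit_container(entry):
    """Return a list of findings for one `docker inspect` entry."""
    findings = []
    host = entry.get("HostConfig") or {}
    if host.get("Privileged"):
        findings.append("runs in privileged mode")
    extra_caps = host.get("CapAdd") or []  # null when no capabilities were added
    if extra_caps:
        findings.append("adds capabilities: " + ", ".join(sorted(extra_caps)))
    # Named volumes and bind mounts survive container re-creation; tmpfs does not.
    persistent = [m for m in entry.get("Mounts") or []
                  if m.get("Type") in ("volume", "bind") and m.get("RW")]
    if not persistent:
        findings.append("no writable persistent mount")
    return findings

def audit(inspect_output):
    """Map container name -> findings (empty list means both properties hold)."""
    return {e.get("Name", "?").lstrip("/"): audit_container(e)
            for e in inspect_output}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

On a real host, feed it the parsed JSON from `docker inspect` for the sensor container instead of the embedded sample.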


What container registries are supported?

Container Security supports the following public cloud container registries:

  • AWS Elastic Container Registry (ECR)

  • Azure Container Registry

  • Google Cloud Container Registry

  • Docker Hub


Data Lake

What is a data lake?

It is a centralized repository which allows storage of structured and unstructured data. In the case of Container Security, it will house all vulnerabilities detected for your container images, in a format similar to what we also capture for VM hosts.


What can be done with the data lake?

The data lake can be used to see changes to reports over time, examine data related to specific controls or resources, or create visualizations.
