Armor Agent for Containers

Owned by Aaron Gabriel (Deactivated)
Last updated: 26 July 2024 by Catie G.
2 min read

 

Product Overview

Armor Agent (AA) for Containers helps organizations detect and address pre-runtime container image vulnerabilities that might otherwise lead to breach, adhere to compliance mandates, and increase security within software development and operations (DevOps) environments. This feature supports the leading public cloud container registries.

 

vulscanningcontainers.mp4

 

In the Armor Management Portal (AMP), users can find a dedicated screen available for managing Containers.

To use this screen, users will need the following permissions:

  • Read Container Security Accounts

  • Read Container Security Vendor Types

  • Read Container Security Registries

  • Write Container Security Registries

  • Read Container Security Sensors

  • Read Container Security Connectors

  • Write Container Security Connectors


Containers Connectors supports the following public cloud container registries:

  1. AWS Elastic Container Registry (ECR)

  2. Azure Container Registry (ACR)

  3. Google Cloud Container Registry

  4. Docker Hub

Limitation on Supported AWS Regions

For now, the following AWS Regions are not yet supported when configuring a Container Registry within the Armor platform:

  • AWS GovCloud (US-East)

  • AWS GovCloud (US-West)

  • US East (Ohio)

About Containers

Containers

Containers are a standardized unit or package of software that enables consistency when running applications from one environment to another. As more companies develop applications in the cloud or move platforms to microservices architecture, containers become a useful way to make that work happen. For more information on containers, please visit Docker's documentation.



Images

An image includes all the dependencies (such as frameworks) plus deployment and execution configuration to be used by a container runtime. Usually, an image derives from multiple base images that are layers stacked on top of each other to form the container's filesystem. An image is immutable once it has been created.

Registries

Registries inform the Armor Security Platform where to find your container images, and which repositories and tags are in-scope for vulnerability scanning.

Registry names do not reflect values from AWS, Azure, etc. Registry names in AMP are internal "friendly" names.



Connectors

Connectors give the Armor security platform permission to access your public cloud infrastructure. The connectors you configure for Container Security are different than connectors you may configure for other features such as Cloud Security Posture Management or Log Relay.

You will need one connector per public cloud registry you wish to eventually configure.





Sensors

A sensor is packaged and delivered as a Docker Image and can be deployed as a container alongside other application containers. The sensor automatically discovered images and containers on a deployed host and scans for vulnerabilities.

Sensor installation instructions are available here.

Vulnerabilities

Vulnerabilities are weaknesses that threat actors exploit to gain unauthorized access to computer systems. Once exploited, attackers can run malicious code, install malware and steal data.

Pricing

Container Security is priced based on the number of connectors you have configured. Current pricing can be found on the sign-up page within the Armor Management Portal (AMP).

Each connector configured requires a 12-month subscription. For example, when configuring a new connector today, it first appears on next month's invoice, then on monthly invoices going forward for the remainder of a calendar year.

Containers Documentation

For Containers

Containers - Getting Started

Install and Manage

Containers FAQ