Armor Agent for Containers
Product Overview
Armor Agent (AA) for Containers helps organizations detect and address pre-runtime container image vulnerabilities that might otherwise lead to a breach, adhere to compliance mandates, and increase security within software development and operations (DevOps) environments. This feature supports the leading public cloud container registries.
In the Armor Management Portal (AMP), a dedicated screen is available for managing Containers.
To use this screen, users will need the following permissions:
Read Container Security Accounts
Read Container Security Vendor Types
Read Container Security Registries
Write Container Security Registries
Read Container Security Sensors
Read Container Security Connectors
Write Container Security Connectors
Containers Connectors support the following public cloud container registries:
AWS Elastic Container Registry (ECR)
Azure Container Registry (ACR)
Google Cloud Container Registry
Docker Hub
Limitation on Supported AWS Regions
The following AWS Regions are not yet supported when configuring a Container Registry within the Armor platform:
AWS GovCloud (US-East)
AWS GovCloud (US-West)
US East (Ohio)
About Containers
Containers
Containers are a standardized unit or package of software that enables consistency when running applications from one environment to another. As more companies develop applications in the cloud or move platforms to microservices architecture, containers become a useful way to make that work happen. For more information on containers, please visit Docker's documentation.
Images
An image includes all the dependencies (such as frameworks) plus deployment and execution configuration to be used by a container runtime. Usually, an image derives from multiple base images that are layers stacked on top of each other to form the container's filesystem. An image is immutable once it has been created.
Registries
Registries inform the Armor Security Platform where to find your container images, and which repositories and tags are in-scope for vulnerability scanning.
Registry names do not reflect values from AWS, Azure, etc. Registry names in AMP are internal "friendly" names.
Connectors
Connectors give the Armor security platform permission to access your public cloud infrastructure. The connectors you configure for Container Security are different from connectors you may configure for other features such as Cloud Security Posture Management or Log Relay.
You will need one connector per public cloud registry you wish to eventually configure.
Sensors
A sensor is packaged and delivered as a Docker image and can be deployed as a container alongside other application containers. The sensor automatically discovers images and containers on a deployed host and scans them for vulnerabilities.
Sensor installation instructions are available here.
Vulnerabilities
Vulnerabilities are weaknesses that threat actors exploit to gain unauthorized access to computer systems. Once a vulnerability is exploited, attackers can run malicious code, install malware, and steal data.
Pricing
Container Security is priced based on the number of connectors you have configured. Current pricing can be found on the sign-up page within the Armor Management Portal (AMP).
Each connector configured requires a 12-month subscription. For example, when configuring a new connector today, it first appears on next month's invoice, then on monthly invoices going forward for the remainder of a calendar year.
Containers Documentation