From 070d93760347df56b257f22c842918d78ac3604b Mon Sep 17 00:00:00 2001 From: Leo Wang Date: Fri, 13 Mar 2026 20:25:28 -0400 Subject: [PATCH 1/2] Mark Azure Container Registry (ACR) as GA for agentless scanning ACR support for running container images is now generally available. Remove "coming soon" labels from compatibility and vulnerabilities pages. --- .../setup/agentless_scanning/compatibility.md | 4 ++-- .../cloud_security_management/vulnerabilities/_index.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/content/en/security/cloud_security_management/setup/agentless_scanning/compatibility.md b/content/en/security/cloud_security_management/setup/agentless_scanning/compatibility.md index dce007a97e6..9c39ab94591 100644 --- a/content/en/security/cloud_security_management/setup/agentless_scanning/compatibility.md +++ b/content/en/security/cloud_security_management/setup/agentless_scanning/compatibility.md @@ -20,7 +20,7 @@ The following table provides a summary of Agentless Scanning technologies in rel | Serverless | AWS Lambda
AWS Fargate for ECS | Azure Container Apps and Azure Container Instances (in Preview; to join, contact [Datadog Support][16]) | Cloud Run (container deployment only — not from GitHub repos or inline editors) | | Kubernetes | EKS on EC2 nodes only
**Note**: Fargate-backed EKS nodes are **not** supported | AKS on virtual machines and Virtual Machine Scale Sets (VMSS)
**Note**: AKS on ACI is **not** supported | GKE Standard only
**Note**: GKE Autopilot and image streaming are **not** supported | | Application languages (in hosts and containers) | Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda | Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda | Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda | -| Container Registries | Amazon ECR (public and private): scans running container images and the last 1,000 pushed images at rest | ACR: coming soon for running container images only
**Note:** To request at-rest registry scanning, contact [Datadog Support][16] | Google Artifact Registry: scans images from running workloads only
**Note:** To request at-rest registry scanning, contact [Datadog Support][16] | +| Container Registries | Amazon ECR (public and private): scans running container images and the last 1,000 pushed images at rest | ACR: scans running container images only
**Note:** To request at-rest registry scanning, contact [Datadog Support][16] | Google Artifact Registry: scans images from running workloads only
**Note:** To request at-rest registry scanning, contact [Datadog Support][16] | | Host Images | AMI | Not supported | Not supported | | Sensitive Data (SDS) | S3, RDS (private beta) | Not supported | Not supported | @@ -70,7 +70,7 @@ The following container image registries are supported for container image scans |---------------------------------|---------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | Amazon ECR (public and private) | GA | Scans running container images **and** the last 1,000 pushed images at rest (by date). This is the only registry with at-rest scanning support | | Google Artifact Registry (GAR) | GA | Scans images tied to running workloads (Cloud Run, GKE) only
**Note**: To request at-rest registry scanning, contact [Datadog Support][16] | -| Azure Container Registry (ACR) | Coming soon | Scans running container images from Azure Container Apps and Azure Container Instances only
**Note**: To request at-rest registry scanning, contact [Datadog Support][16] | +| Azure Container Registry (ACR) | GA | Scans running container images from Azure Container Apps and Azure Container Instances only
**Note**: To request at-rest registry scanning, contact [Datadog Support][16] | **Note**: Container image scanning from registry is only supported if you have installed Agentless with: - CloudFormation Integrations >= v2.0.8 diff --git a/content/en/security/cloud_security_management/vulnerabilities/_index.md b/content/en/security/cloud_security_management/vulnerabilities/_index.md index 4206ef5ac31..5fca9d1e270 100644 --- a/content/en/security/cloud_security_management/vulnerabilities/_index.md +++ b/content/en/security/cloud_security_management/vulnerabilities/_index.md @@ -81,7 +81,7 @@ Use these tables to decide which solution to start with: | Cloud provider | AWS, Azure, GCP | AWS, Azure, GCP, on-prem, etc. | | Operating system | Linux, Windows | Linux, Windows | | Serverless | AWS Lambda, Amazon ECS Fargate, GCP Cloud Run (container deployment only) | Not applicable | -| Container registries | Amazon ECR (running + at-rest), Google Artifact Registry (running workloads only) | Not applicable | +| Container registries | Amazon ECR (running + at-rest), Google Artifact Registry (running workloads only), Azure Container Registry (running container images only) | Not applicable | For more information on compatibility, see [Cloud Security Vulnerabilities Hosts and Containers Compatibility][13]. If you need any assistance, see the [troubleshooting guide][14], or reach out to support@datadoghq.com. From 64b7fb3943cb32ada503d6a8755d3969e94fc6aa Mon Sep 17 00:00:00 2001 From: Leo Wang Date: Fri, 13 Mar 2026 20:27:37 -0400 Subject: [PATCH 2/2] Mark ACR, Azure Container Apps, and Azure Container Instances as GA Remove "coming soon" and "preview" labels. Add note that Azure Container Apps and Instances require the latest agentless scanner with a link to the update page. --- .../setup/agentless_scanning/compatibility.md | 3 ++- .../cloud_security_management/vulnerabilities/_index.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/content/en/security/cloud_security_management/setup/agentless_scanning/compatibility.md b/content/en/security/cloud_security_management/setup/agentless_scanning/compatibility.md index 9c39ab94591..f13842cc64b 100644 --- a/content/en/security/cloud_security_management/setup/agentless_scanning/compatibility.md +++ b/content/en/security/cloud_security_management/setup/agentless_scanning/compatibility.md @@ -17,7 +17,7 @@ The following table provides a summary of Agentless Scanning technologies in rel | Package Manager | Deb (debian, ubuntu)
RPM (amazon-linux, fedora, redhat, centos)
APK (alpine) | Deb (debian, ubuntu)
RPM (fedora, redhat, centos)
APK (alpine) | Deb (debian, ubuntu)
RPM (fedora, redhat, centos)
APK (alpine) | | Encryption | AWS
Unencrypted
Encrypted - Platform Managed Key (PMK) and Customer Managed Key (CMK) | Encrypted - Platform Managed Key (PMK): Azure Disk Storage Server-Side Encryption, Encryption at host
**Note**: Encrypted - Customer Managed Key (CMK) is **not** supported | Encrypted - Platform Managed Key (PMK): Persistent Disk Encryption, Confidential VM
**Note**: Encrypted - Customer Managed Encryption Key (CMEK) and Customer-Supplied Encryption Keys (CSEK) are **not** supported | | Container runtime | Docker, containerd
**Note**: CRI-O is **not** supported | Docker, containerd
**Note**: CRI-O is **not** supported | Docker, containerd
**Note**: CRI-O is **not** supported | -| Serverless | AWS Lambda
AWS Fargate for ECS | Azure Container Apps and Azure Container Instances (in Preview; to join, contact [Datadog Support][16]) | Cloud Run (container deployment only — not from GitHub repos or inline editors) | +| Serverless | AWS Lambda
AWS Fargate for ECS | Azure Container Apps and Azure Container Instances
**Note**: Requires the latest agentless scanner. See [Update Agentless Scanning][17]. | Cloud Run (container deployment only — not from GitHub repos or inline editors) | | Kubernetes | EKS on EC2 nodes only
**Note**: Fargate-backed EKS nodes are **not** supported | AKS on virtual machines and Virtual Machine Scale Sets (VMSS)
**Note**: AKS on ACI is **not** supported | GKE Standard only
**Note**: GKE Autopilot and image streaming are **not** supported | | Application languages (in hosts and containers) | Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda | Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda | Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda | | Container Registries | Amazon ECR (public and private): scans running container images and the last 1,000 pushed images at rest | ACR: scans running container images only
**Note:** To request at-rest registry scanning, contact [Datadog Support][16] | Google Artifact Registry: scans images from running workloads only
**Note:** To request at-rest registry scanning, contact [Datadog Support][16] | @@ -101,3 +101,4 @@ The following container runtimes are supported: [14]: https://www.debian.org/security/oval/ [15]: https://ubuntu.com/security/cve [16]: /help +[17]: /security/cloud_security_management/setup/agentless_scanning/update diff --git a/content/en/security/cloud_security_management/vulnerabilities/_index.md b/content/en/security/cloud_security_management/vulnerabilities/_index.md index 5fca9d1e270..5b0e20e132a 100644 --- a/content/en/security/cloud_security_management/vulnerabilities/_index.md +++ b/content/en/security/cloud_security_management/vulnerabilities/_index.md @@ -80,7 +80,7 @@ Use these tables to decide which solution to start with: | Container image | OS packages and app packages, mapped to image | OS packages | | Cloud provider | AWS, Azure, GCP | AWS, Azure, GCP, on-prem, etc. | | Operating system | Linux, Windows | Linux, Windows | -| Serverless | AWS Lambda, Amazon ECS Fargate, GCP Cloud Run (container deployment only) | Not applicable | +| Serverless | AWS Lambda, Amazon ECS Fargate, Azure Container Apps, Azure Container Instances, GCP Cloud Run (container deployment only) | Not applicable | | Container registries | Amazon ECR (running + at-rest), Google Artifact Registry (running workloads only), Azure Container Registry (running container images only) | Not applicable | For more information on compatibility, see [Cloud Security Vulnerabilities Hosts and Containers Compatibility][13]. If you need any assistance, see the [troubleshooting guide][14], or reach out to support@datadoghq.com.