Skip to content

Mark ACR, Azure Container Apps, and Azure Container Instances as GA for agentless scanning #35287

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
leo-wang-dd wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Mark ACR, Azure Container Apps, and Azure Container Instances as GA for agentless scanning #35287

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
070d937
Mark Azure Container Registry (ACR) as GA for agentless scanning
leo-wang-dd Mar 14, 2026
64b7fb3
Mark ACR, Azure Container Apps, and Azure Container Instances as GA
leo-wang-dd Mar 14, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions ...en/security/cloud_security_management/setup/agentless_scanning/compatibility.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,10 +17,10 @@ The following table provides a summary of Agentless Scanning technologies in rel
| Package Manager | Deb (debian, ubuntu) <br> RPM (amazon-linux, fedora, redhat, centos) <br> APK (alpine) | Deb (debian, ubuntu) <br> RPM (fedora, redhat, centos) <br> APK (alpine) | Deb (debian, ubuntu) <br> RPM (fedora, redhat, centos) <br> APK (alpine) |
| Encryption | AWS </br> Unencrypted </br> Encrypted - Platform Managed Key (PMK) and Customer Managed Key (CMK) | Encrypted - Platform Managed Key (PMK): Azure Disk Storage Server-Side Encryption, Encryption at host </br> **Note**: Encrypted - Customer Managed Key (CMK) is **not** supported | Encrypted - Platform Managed Key (PMK): Persistent Disk Encryption, Confidential VM </br> **Note**: Encrypted - Customer Managed Encryption Key (CMEK) and Customer-Supplied Encryption Keys (CSEK) are **not** supported |
| Container runtime | Docker, containerd </br> **Note**: CRI-O is **not** supported | Docker, containerd </br> **Note**: CRI-O is **not** supported | Docker, containerd </br> **Note**: CRI-O is **not** supported |
| Serverless | AWS Lambda <br> AWS Fargate for ECS | Azure Container Apps and Azure Container Instances (in Preview; to join, contact [Datadog Support][16]) | Cloud Run (container deployment only — not from GitHub repos or inline editors) |
| Serverless | AWS Lambda <br> AWS Fargate for ECS | Azure Container Apps and Azure Container Instances<br />**Note**: Requires the latest agentless scanner. See [Update Agentless Scanning][17]. | Cloud Run (container deployment only — not from GitHub repos or inline editors) |
| Kubernetes | EKS on EC2 nodes only </br> **Note**: Fargate-backed EKS nodes are **not** supported | AKS on virtual machines and Virtual Machine Scale Sets (VMSS) </br> **Note**: AKS on ACI is **not** supported | GKE Standard only </br> **Note**: GKE Autopilot and image streaming are **not** supported |
| Application languages (in hosts and containers) | Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda | Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda | Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda |
| Container Registries | Amazon ECR (public and private): scans running container images and the last 1,000 pushed images at rest | ACR: coming soon for running container images only<br />**Note:** To request at-rest registry scanning, contact [Datadog Support][16] | Google Artifact Registry: scans images from running workloads only<br />**Note:** To request at-rest registry scanning, contact [Datadog Support][16] |
| Container Registries | Amazon ECR (public and private): scans running container images and the last 1,000 pushed images at rest | ACR: scans running container images only<br />**Note:** To request at-rest registry scanning, contact [Datadog Support][16] | Google Artifact Registry: scans images from running workloads only<br />**Note:** To request at-rest registry scanning, contact [Datadog Support][16] |
| Host Images | AMI | Not supported | Not supported |
| Sensitive Data (SDS) | S3, RDS (private beta) | Not supported | Not supported |

Expand Down Expand Up @@ -70,7 +70,7 @@ The following container image registries are supported for container image scans
|---------------------------------|---------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| Amazon ECR (public and private) | GA | Scans running container images **and** the last 1,000 pushed images at rest (by date). This is the only registry with at-rest scanning support |
| Google Artifact Registry (GAR) | GA | Scans images tied to running workloads (Cloud Run, GKE) only<br />**Note**: To request at-rest registry scanning, contact [Datadog Support][16] |
| Azure Container Registry (ACR) | Coming soon | Scans running container images from Azure Container Apps and Azure Container Instances only<br />**Note**: To request at-rest registry scanning, contact [Datadog Support][16] |
| Azure Container Registry (ACR) | GA | Scans running container images from Azure Container Apps and Azure Container Instances only<br />**Note**: To request at-rest registry scanning, contact [Datadog Support][16] |

**Note**: Container image scanning from registry is only supported if you have installed Agentless with:
- CloudFormation Integrations >= v2.0.8
Expand Down Expand Up @@ -101,3 +101,4 @@ The following container runtimes are supported:
[14]: https://www.debian.org/security/oval/
[15]: https://ubuntu.com/security/cve
[16]: /help
[17]: /security/cloud_security_management/setup/agentless_scanning/update
4 changes: 2 additions & 2 deletions content/en/security/cloud_security_management/vulnerabilities/_index.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -80,8 +80,8 @@ Use these tables to decide which solution to start with:
| Container image | OS packages and app packages, mapped to image | OS packages |
| Cloud provider | AWS, Azure, GCP | AWS, Azure, GCP, on-prem, etc. |
| Operating system | Linux, Windows | Linux, Windows |
| Serverless | AWS Lambda, Amazon ECS Fargate, GCP Cloud Run (container deployment only) | Not applicable |
| Container registries | Amazon ECR (running + at-rest), Google Artifact Registry (running workloads only) | Not applicable |
| Serverless | AWS Lambda, Amazon ECS Fargate, Azure Container Apps, Azure Container Instances, GCP Cloud Run (container deployment only) | Not applicable |
| Container registries | Amazon ECR (running + at-rest), Google Artifact Registry (running workloads only), Azure Container Registry (running container images only) | Not applicable |

For more information on compatibility, see [Cloud Security Vulnerabilities Hosts and Containers Compatibility][13]. If you need any assistance, see the [troubleshooting guide][14], or reach out to support@datadoghq.com.

Expand Down
Loading