Sysdig Cloud Scanning leverages Cloud Audit log like AWS CloudTrail to detect container images that are being pushed to your registries or used in cloud workloads. When a new image is detected, a scanning process can be started to analyze the image and report vulnerabilities directly to Sysdig Secure.

Installation

Sysdig Cloud Connector is part of Sysdig Cloud Security platform. Please check Sysdig Cloud Security site for installation guides on the different cloud providers.

Configuration

The CloudScanning component can be configured by setting the following environment variables:

Common

AWS

AWS Single-account mode

When running CloudScanning in a single account. The role executing the task has required permissions in the account.

AWS Multi-account

When running CloudScanning in multi-account mode. Each of the child accounts has a SQS queue following the naming convention specified by SQS_QUEUE_NAME and there is a role ACCOUNT_ROLE on each child account that the executing task can assume, providing all the required permissions.

Google Cloud Platform