Agentless Scanning Compatibility

Docs > Plateforme de sécurité Datadog > Cloud Security Management > Configurer Cloud Security Management > Cloud Security Agentless Scanning > Agentless Scanning Compatibility

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Availability

The following table provides a summary of Agentless scanning technologies in relation to their corresponding components for each supported cloud provider:

Component	AWS	Azure	GCP
Operating System	Linux; Windows Server 2016, 2019, 2022; Windows 10 or later	Linux; Windows Server 2016, 2019, 2022; Windows 10 or later	Linux; Windows Server 2016, 2019, 2022; Windows 10 or later
Host Filesystem	Btrfs, Ext2, Ext3, Ext4, xfs	Btrfs, Ext2, Ext3, Ext4, xfs	Btrfs, Ext2, Ext3, Ext4, xfs
Package Manager	Deb (debian, ubuntu) RPM (amazon-linux, fedora, redhat, centos) APK (alpine)	Deb (debian, ubuntu) RPM (fedora, redhat, centos) APK (alpine)	Deb (debian, ubuntu) RPM (fedora, redhat, centos) APK (alpine)
Encryption	AWS Unencrypted Encrypted - Platform Managed Key (PMK) and Customer Managed Key (CMK)	Encrypted - Platform Managed Key (PMK): Azure Disk Storage Server-Side Encryption, Encryption at host Note: Encrypted - Customer Managed Key (CMK) is not supported	Encrypted - Platform Managed Key (PMK): Persistent Disk Encryption, Confidential VM Note: Encrypted - Customer Managed Encryption Key (CMEK) and Customer-Supplied Encryption Keys (CSEK) are not supported
Container runtime	Docker, containerd Note: CRI-O is not supported	Docker, containerd Note: CRI-O is not supported	Docker, containerd Note: CRI-O is not supported
Serverless	AWS Lambda AWS Fargate for ECS	To request this feature, contact Datadog Support	Cloud Run (container deployment type)
Application languages (in hosts and containers)	Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda	Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda	Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda
Container Registries	Amazon ECR (public and private)		Google Artifact Registry

Note: AMIs must be stored in an account that uses Datadog’s AWS integration. Otherwise, Datadog can’t read the AMI’s underlying Amazon Elastic Block Store (EBS) snapshot, so it can’t scan or report on the AMI.

Linux distributions

The following Linux distributions are supported for hosts and containers scans:

Operating System	Supported Versions	Package Managers	Security Advisories
Alpine Linux	2.2-2.7, 3.0-3.19 (edge is not supported)	apk	https://secdb.alpinelinux.org/
Wolfi Linux	N/A	apk	https://packages.wolfi.dev/os/security.json
Chainguard	N/A	apk	https://packages.cgr.dev/chainguard/security.json
Red Hat Enterprise Linux	6, 7, 8	dnf/yum/rpm	https://www.redhat.com/security/data/metrics/ and https://www.redhat.com/security/data/oval/v2/
CentOS	6, 7, 8	dnf/yum/rpm	https://www.redhat.com/security/data/metrics/ and https://www.redhat.com/security/data/oval/v2/
AlmaLinux	8, 9	dnf/yum/rpm	https://errata.almalinux.org/
Rocky Linux	8, 9	dnf/yum/rpm	https://download.rockylinux.org/pub/rocky/
Oracle Linux	5, 6, 7, 8	dnf/yum/rpm	https://linux.oracle.com/security/oval/
CBL-Mariner	1.0, 2.0	dnf/yum/rpm	https://github.com/microsoft/CBL-MarinerVulnerabilityData/
Amazon Linux	1, 2, 2023	dnf/yum/rpm	https://alas.aws.amazon.com/
openSUSE Leap	42, 15	zypper/rpm	http://ftp.suse.com/pub/projects/security/cvrf/
SUSE Linux Enterprise	11, 12, 15	zypper/rpm	http://ftp.suse.com/pub/projects/security/cvrf/
Photon OS	1.0, 2.0, 3.0, 4.0	tdnf/yum/rpm	https://packages.vmware.com/photon/photon_cve_metadata/
Debian GNU/Linux	7, 8, 9, 10, 11, 12 (unstable/sid is not supported)	apt/dpkg	https://security-tracker.debian.org/tracker/ and https://www.debian.org/security/oval/
Ubuntu	All versions supported by Canonical	apt/dpkg	https://ubuntu.com/security/cve

Application libraries

The following application languages and libraries are supported for vulnerability scans on containers and Lambda instances:

Language	Supported Package Manager	Supported Files
Ruby	bundler	Gemfile.lock, gemspec
.NET	nuget	packages.lock.json, packages.config, .deps.json, *packages.props
Go	mod	Binaries built by Go, go.mod
Java	Gradle, Maven	pom.xml, *gradle.lockfile, JAR/WAR/PAR/EAR (with pom.properties)
Node.js	npm, pnpm, yarn	package-lock.json, yarn.lock, pnpm-lock.yaml, package.json
PHP	composer	composer.lock
Python	pip, poetry	pipfile.lock, poetry.lock, egg package, wheel package, conda package

Container image registries

The following container image registries are supported for container image scans:

Amazon ECR public
Amazon ECR private

Note: Container image scanning from registry is only supported if you have installed Agentless with:

Cloudformation Integrations >= v2.0.8
Terraform Agentless Module >= v0.11.7

Container runtimes

The following container runtimes are supported:

containerd: v1.5.6 or later
Docker

Note for container observations: Agentless Scanning requires uncompressed container image layers. As a workaround, you can set the configuration option discard_unpacked_layers=false in the containerd configuration file.