Agentless Scanning Compatibility

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Availability

The following table provides a summary of Agentless scanning technologies in relation to their corresponding components for each supported cloud provider:

ComponentAWSAzure
Operating SystemLinuxLinux
Host FilesystemBtrfs, Ext2, Ext3, Ext4, xfsBtrfs, Ext2, Ext3, Ext4, xfs
Package ManagerDeb (debian, ubuntu)
RPM (amazon-linux, fedora, redhat, centos)
APK (alpine)		Deb (debian, ubuntu)
RPM (fedora, redhat, centos)
APK (alpine)
EncryptionAWS
Unencrypted
Encrypted - Platform Managed Key (PMK) and Customer Managed Key (CMK)		Encrypted - Platform Managed Key (PMK): Azure Disk Storage Server-Side Encryption, Encryption at host
Note: Encrypted - Customer Managed Key (CMK) is not supported
Container runtimeDocker, containerd
Note: CRI-O is not supported		Docker, containerd
Note: CRI-O is not supported
ServerlessAWS LambdaTo request this feature, contact Datadog Support
Application languages (in hosts and containers)Java, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, CondaJava, .Net, Python, Node.js, Go, Ruby, Rust, PHP, Swift, Dart, Elixir, Conan, Conda

Note: AMIs must be stored in an account that uses Datadog’s AWS integration. Otherwise, Datadog can’t read the AMI’s underlying Amazon Elastic Block Store (EBS) snapshot, so it can’t scan or report on the AMI.

Linux distributions

The following Linux distributions are supported for hosts and containers scans:

Operating SystemSupported VersionsPackage ManagersSecurity Advisories
Alpine Linux2.2-2.7, 3.0-3.19 (edge is not supported)apkhttps://secdb.alpinelinux.org/
Wolfi LinuxN/Aapkhttps://packages.wolfi.dev/os/security.json
ChainguardN/Aapkhttps://packages.cgr.dev/chainguard/security.json
Red Hat Enterprise Linux6, 7, 8dnf/yum/rpmhttps://www.redhat.com/security/data/metrics/ and https://www.redhat.com/security/data/oval/v2/
CentOS6, 7, 8dnf/yum/rpmhttps://www.redhat.com/security/data/metrics/ and https://www.redhat.com/security/data/oval/v2/
AlmaLinux8, 9dnf/yum/rpmhttps://errata.almalinux.org/
Rocky Linux8, 9dnf/yum/rpmhttps://download.rockylinux.org/pub/rocky/
Oracle Linux5, 6, 7, 8dnf/yum/rpmhttps://linux.oracle.com/security/oval/
CBL-Mariner1.0, 2.0dnf/yum/rpmhttps://github.com/microsoft/CBL-MarinerVulnerabilityData/
Amazon Linux1, 2, 2023dnf/yum/rpmhttps://alas.aws.amazon.com/
openSUSE Leap42, 15zypper/rpmhttp://ftp.suse.com/pub/projects/security/cvrf/
SUSE Linux Enterprise11, 12, 15zypper/rpmhttp://ftp.suse.com/pub/projects/security/cvrf/
Photon OS1.0, 2.0, 3.0, 4.0tdnf/yum/rpmhttps://packages.vmware.com/photon/photon_cve_metadata/
Debian GNU/Linux7, 8, 9, 10, 11, 12 (unstable/sid is not supported)apt/dpkghttps://security-tracker.debian.org/tracker/ and https://www.debian.org/security/oval/
UbuntuAll versions supported by Canonicalapt/dpkghttps://ubuntu.com/security/cve

Application libraries

The following application languages and libraries are supported for vulnerability scans on containers and Lambda instances:

LanguageSupported Package ManagerSupported Files
RubybundlerGemfile.lock, gemspec
.NETnugetpackages.lock.json, packages.config, .deps.json, *packages.props
GomodBinaries built by Go, go.mod
JavaGradle, Mavenpom.xml, *gradle.lockfile, JAR/WAR/PAR/EAR (with pom.properties)
Node.jsnpm, pnpm, yarnpackage-lock.json, yarn.lock, pnpm-lock.yaml, package.json
PHPcomposercomposer.lock
Pythonpip, poetrypipfile.lock, poetry.lock, egg package, wheel package, conda package

Container image registries

The following container image registries are supported for container image scans:

  • Amazon ECR public
  • Amazon ECR private

Note: Container image scanning from registry is only supported if you have installed Agentless with:

  • Cloudformation Integrations >= v2.0.8
  • Terraform Agentless Module >= v0.11.7

Container runtimes

The following container runtimes are supported:

  • containerd: v1.5.6 or later
  • Docker

Note for container observations: Agentless Scanning requires uncompressed container image layers. As a workaround, you can set the configuration option discard_unpacked_layers=false in the containerd configuration file.