TABLE OF CONTENTS


Introduction


The primary function of the Aqua Scanner (or simply "Scanner") is to scan the following types of objects for security issues:

  • Container images
  • VMware Tanzu applications
  • Functions (serverless)


Security issues are defined as vulnerabilities, sensitive data, and malware. The Scanner looks for the following, depending on the scanned object type:


Scanned objectSecurity issues scanned for
Container imagesVulnerabilities, sensitive data, and malware
VMware Tanzu applicationsVulnerabilities, sensitive data, and malware
Functions (serverless)Vulnerabilities and sensitive data


In the Scanners screen, you can perform the functionality described below.


View connected Scanners


In Workload Protection: Navigate to Administration > Scanners. You will see a list of all Scanners that have been connected to Aqua. For example:



Add a Scanner


You can add (connect) a new Scanner to run on either a Linux or a Windows host, and scan objects corresponding to the OS type.


  1. In Workload Protection: Navigate to Administration > Scanners.
  2. Click Connect Scanner (the button is highlighted in the screenshot above).
  3. Fill out the screen, as shown below. Ensure that you select the appropriate OS.

  4. Click Save and Get Deployment Command.
  5. A deployment command will appear in a panel like this; click Copy to copy the command to the clipboard, and run the command:


    For Windows, you can run either of two deployment commands (executable or MSI):



  6. Newly connected Scanners will appear in the Scanners screen:


Edit a Scanner


  1. In Workload Protection: Navigate to Administration > Scanners.
  2. Select a Scanner, and click Edit:



  3. In the screen that appears next, you can edit the description of the Scanner or copy the deployment command(s).


Delete Scanner(s)


  1. In Workload Protection: Navigate to Administration > Scanners.
  2. Select one or more Scanners, and click Delete:



  3. Confirm the deletion when you see the prompt.