You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/defender-for-cloud/defender-for-containers-introduction.md
+7-4Lines changed: 7 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -73,11 +73,11 @@ There are four triggers for an image scan:
73
73
74
74
-**Recently pulled** - Since new vulnerabilities are discovered every day, **Microsoft Defender for Containers** also scans, on a weekly basis, any image that has been pulled within the last 30 days. There's no extra charge for these rescans; as mentioned above, you're billed once per image.
75
75
76
-
-**On import** - Azure Container Registry has import tools to bring images to your registry from Docker Hub, Microsoft Container Registry, or another Azure container registry. **Microsoft Defender for container Containers** scans any supported images you import. Learn more in [Import container images to a container registry](../container-registry/container-registry-import-images.md).
76
+
-**On import** - Azure Container Registry has import tools to bring images to your registry from Docker Hub, Microsoft Container Registry, or another Azure container registry. **Microsoft Defender for Containers** scans any supported images you import. Learn more in [Import container images to a container registry](../container-registry/container-registry-import-images.md).
77
77
78
78
-**Continuous scan**- This trigger has two modes:
79
79
80
-
- A Continuous scan based on an image pull. This scan is performed every seven days after an image was pulled, and only for 30 days after the image was pulled. This mode doesn't require the security profile, or extension.
80
+
- A continuous scan based on an image pull. This scan is performed every seven days after an image was pulled, and only for 30 days after the image was pulled. This mode doesn't require the security profile, or extension.
81
81
82
82
- (Preview) Continuous scan for running images. This scan is performed every seven days for as long as the image runs. This mode runs instead of the above mode when the Defender profile, or extension is running on the cluster.
83
83
@@ -90,7 +90,7 @@ Defender for Cloud filters, and classifies findings from the scanner. When an im
90
90
91
91
### View vulnerabilities for running images
92
92
93
-
The recommendation **Running container images should have vulnerability findings resolved** shows vulnerabilities for running images by using the scan results from ACR registeries and information on running images from the Defender security profile/extension. Images that are deployed from a non ACR registry, will appear under the Not applicable tab.
93
+
The recommendation **Running container images should have vulnerability findings resolved** shows vulnerabilities for running images by using the scan results from ACR registeries and information on running images from the Defender security profile/extension. Images that are deployed from a non ACR registry, will appear under the **Not applicable** tab.
94
94
95
95
:::image type="content" source="media/defender-for-containers/running-image-vulnerabilities-recommendation.png" alt-text="Screenshot showing where the recommendation is viewable" lightbox="media/defender-for-containers/running-image-vulnerabilities-recommendation-expanded.png":::
96
96
@@ -220,14 +220,17 @@ The following describes the components necessary in order to receive the full pr
220
220
## FAQ - Defender for Containers
221
221
222
222
-[What are the options to enable the new plan at scale?](#what-are-the-options-to-enable-the-new-plan-at-scale)
223
+
-[Does Microsoft Defender for Containers support AKS clusters with virtual machines scale set (VMSS)?](#does-microsoft-defender-for-containers-support-aks-clusters-with-virtual-machines-scale-set-vmss)
224
+
-[Does Microsoft Defender for Containers support AKS without scale set (default)?](#does-microsoft-defender-for-containers-support-aks-without-scale-set-default)
225
+
-[Do I need to install the Log Analytics VM extension on my AKS nodes for security protection?](#do-i-need-to-install-the-log-analytics-vm-extension-on-my-aks-nodes-for-security-protection)
223
226
224
227
### What are the options to enable the new plan at scale?
225
228
We’ve rolled out a new policy in Azure Policy, **Configure Microsoft Defender for Containers to be enabled**, to make it easier to enable the new plan at scale.
226
229
227
230
### Does Microsoft Defender for Containers support AKS clusters with virtual machines scale set (VMSS)?
228
231
Yes.
229
232
230
-
### Does Microsoft Defender for Containers support AKS without scale set (default)?
233
+
### Does Microsoft Defender for Containers support AKS without scale set (default)?
231
234
No. Only Azure Kubernetes Service (AKS) clusters that use virtual machine scale sets for the nodes is supported.
232
235
233
236
### Do I need to install the Log Analytics VM extension on my AKS nodes for security protection?
0 commit comments