Welcome to ARMO Platform

ARMO Platform is a SaaS solution for Kubernetes and CI/CD security that is powered by Kubescape. You can use ARMO Platform to harden your Kubernetes clusters, secure your CI/CD pipelines, understand your RBAC status, or pass your Kubernetes security audits.

To sign up for ARMO Platform, sign up for an ARMO Platform account. The signup process guides you through connecting your cluster to ARMO Platform and your first scan.

How ARMO Platform works

ARMO Platform uses the open source project Kubescape to scan your Kubernetes clusters, registries, and code repositories for vulnerabilities and misconfigurations.

ARMO initially developed the open source project and continues to contribute to it.

Architecture

When running in-cluster, ARMO Platform provides a code snippet to deploy Kubescape as a microservice using a helm chart.

The Kubescape microservice scans the cluster periodically. Misconfiguration information is pulled from ARMO’s regolibrary, while vulnerability information is pulled from Kubevuln.

By default, the microservice scans the host node for to give more context to scans and includes this data when the scans are sent. The scans are aggregated and stored in ARMO Platform, where you can use our toolset to view any identified issue and potential fixes or remediation steps.

For more information about Kubescape, view the Kubescape architecture documentation.

Communication

ARMO Platform and the Kubescape microservice communicate using gateways over HTTPS.

Scan data is sent over HTTPS to an endpoint on the ARMO Platform.

Data retention

Scan data sent to the ARMO Platform is saved for one month for a free user and three months for a paid user before being deleted.