Repository Scanning

In addition to scanning clusters, ARMO Platform can scan your code for misconfigurations, which helps prevent deploying code with exploitable misconfigurations into your cluster.

ARMO Platform connects to public or private repositories and scans YAML files for problems.

You can connect to a repository for scanning from this section.

Filter controls or resources

You can filter controls by framework using the Framework tiles at the top of the page. By default, controls are filtered by the framework used to scan the cluster. You can filter by a different framework, provided that the failed controls also exist in that framework. This filter list doesn’t impact scanning.

You can further filter controls by clicking +Add filter. You can reorder the list of failed controls by clicking the arrows in the table.

View failed resources

By default, failed resources are displayed as they would be in the repo. Click the resources to examine the issue in the code. We highlight the line with the misconfiguration and provide the control that failed.

View remediation suggestions

When viewing a failed resource, click Fix. This lists more information about the failed resource, provides remediation suggestions and opens a copy of the file that contains the misconfiguration. Use this information to find the file that includes the issue, and then take appropriate steps to fix the issue.

If you have Collaboration enabled, you can create a Jira ticket or send a Slack message with the remediation information from within the ARMO Platform.

Accepting a Risk

Accepting a risk isn't supported yet for repository scanning.