Sensor Types

A sensor can only be deployed in a single mode on a single container’s host/cluster node. There are three types of sensors (modes): General, Cluster, Runtime, CI/CD, Registry, and QScanner.

General

The General mode sensor is installed on your container nodes/hosts. It provides vulnerability and compliance assessments for your running containers and locally cached images. The general sensor performs demand driven assessments based on container events like containers instantiated and images pulled. There is no on demand scan or scheduled scan assessments; the sensor reacts to the container environment changes in real time. The general mode sensor must be deployed separately from the Registry or CI/CD sensor.

CI/CD

CI/CD mode is for sensors running on CI Pipeline workers. It is a demand-driven assessment based on specific events. The sensor in CI/CD mode does not inventory or assess other images or containers running on the host/node. The sensor in CI/CD mode performs vulnerability assessments on specifically tagged images and the assessment results are put into a priority processing queue with a faster SLA specifically for CI Pipeline assessments. The CI/CD sensor must be deployed separately from the General or Registry sensor.

Registry

Registry mode provides inventory and vulnerability assessment for images stored in registries. The sensor, in registry mode, will not inventory or perform vulnerability assessments of the images or containers on the host where the sensor is deployed. The sensor in registry mode must have network access to the registry URL. The registry mode sensor will not discover registries automatically. The images inventoried and assessed are scoped by the registry connector scan jobs. These scan jobs are either automatic (scheduled) or on demand. Log into the Container Security UI to configure a registry connector and scan job. Refer to the online help for guidance. The registry mode sensor must be deployed separately from the General or CI/CD sensor.