Trend Micro Artifact Scanner (TMAS) | Trend Micro Service Central

Views:

Trend Micro Artifact Scanner (TMAS) performs pre-runtime image, vulnerability, malware, and secret scans on artifacts (see supported artifacts), enabling you to identify and fix issues before they reach a production environment, like Kubernetes for container images, for example. After TMAS is integrated into your CI/CD pipeline, you can view the scan results of registry image artifacts for vulnerabilities, malware, and secrets in Container Protection → Container Image Scanning.

Supported scanners:

Vulnerabilities: TMAS performs open source vulnerability scanning. The vulnerability database receives up-to-date threat data from open source vulnerability feeds. TMAS can find vulnerabilities in supported operating systems and programming languages (see table below).
Malware: TMAS detects all types of malware, including trojans, ransomware, and spyware, using the latest file reputation and variant protection technologies backed by threat research. TMAS detects obfuscated or polymorphic variants of malware based on fragments of previously encountered malware.
Secrets: TMAS scans artifacts for secret data, which is sensitive data that should not be exposed. Leaked secrets can leave your resources open to attack through impersonation. TMAS can detect hard-coded secrets such as passwords, API keys and tokens in container images, directories containing source code, and files.

Supported operating systems	Supported programming languages
Alpine Amazon Linux BusyBox CentOS Debian Distroless Oracle Linux Red Hat (RHEL) Ubuntu	Ruby (Gems) Java (JAR, WAR, EAR, JPI, HPI) JavaScript (NPM, Yarn) Python (Egg, Wheel, Poetry, requirements.txt/setup.py files) Dotnet (deps.json) Golang (go.mod) PHP (Composer) Rust (Cargo)