Ensure your Agentless Vulnerability & Threat Detection deployment to your Oracle Cloud Infrastructure (OCI) compartment proceeds smoothly by completing the following steps before deployment.

OCI environments have provider-specific requirements you must satisfy to successfully deploy Agentless Vulnerability & Threat Detection to your OCI compartment. Ensure the following steps are complete before deployment to your connected OCI compartment.

Procedure

  1. Set up your Terraform environment.
    1. Make sure Docker is installed, open, and running. Agentless Vulnerability & Threat Detection requires Docker to execute the deployment script.
    2. If you are using Windows Subsystem for Linux (Windows WSL), make sure the jq tool is installed.
  2. Configure your OCI compartment for Agentless Vulnerability & Threat Detection deployment.
    1. Make sure the permissions Oracle requires have been added and granted to your deployment environment.
    2. Replicate your home region identity domain to the regions containing the resources you want Agentless Vulnerability & Threat Detection to scan. To learn more, see Oracle's documentation on replicating an identity domain to multiple regions.
      Note
      You only need to replicate your home region identity domain before the initial Agentless Vulnerability & Threat Detection deployment. The domain does not need to be replicated for subsequent deployments unless you are deploying to a new region.
  3. Verify that your OCI compartment has sufficient resource quotas to handle Agentless Vulnerability & Threat Detection deployment.
    1. Check the following static resource types and ensure your quotas meet or exceed the numbers of resources deployed by Agentless Vulnerability & Threat Detection.

      OCI static resource quota requirements

      | Resource type | Quota requirement: deployment to primary region only | Quota requirement: deployment to primary region and non-primary region |
      | --- | --- | --- |
      | oci_artifacts_container_images | 2 | 3 |
      | oci_artifacts_container_repository | 1 | 2 |
      | oci_core_default_security_list | 1 | 2 |
      | oci_core_internet_gateway | 1 | 2 |
      | oci_core_nat_gateway | 1 | 2 |
      | oci_core_route_table | 3 | 6 |
      | oci_core_security_list | 1 | 2 |
      | oci_core_service_gateway | 1 | 2 |
      | oci_core_services | 1 | 2 |
      | oci_core_subnet | 2 | 4 |
      | oci_core_vcn | 1 | 2 |
      | oci_events_rule | 1 | 2 |
      | oci_functions_application | 2 | 4 |
      | oci_functions_function | 16 | 28 |
      | oci_identity_policy | 4 | 4 |
      | oci_logging_log | 19 | 34 |
      | oci_logging_log_group | 2 | 4 |
      | oci_monitoring_alarm | 3 | 6 |
      | oci_objectstorage_bucket | 1 | 2 |
      | oci_objectstorage_object | 1 | 2 |
      | oci_objectstorage_object_lifecycle_policy | 1 | 2 |
      | oci_ons_subscription | 8 | 16 |
      | oci_queue_queue | 1 | 2 |
      | oci_resource_scheduler_schedule | 10 | 17 |
      | oci_vault_secret | 3 | 3 |
    2. Ensure the resource limits set for your deployed region are sufficient to handle the following dynamic resources created during Agentless Vulnerability & Threat Detection scans.
      • Block volumes
      • Block volume backups
      • Boot volumes
      • Boot volume backups
      • Compute instances
      • Container instances
      Note
      • The Agentless Vulnerability & Threat Detection container instance scaler uses a two-tiered architecture to handle container image scanning. The requirements for dynamically created resources differ based on the container instance tier.
      • Agentless Vulnerability & Threat Detection automatically deletes dynamically created resources when a scan completes.

      Dynamic resource requirements for Agentless Vulnerability & Threat Detection scans by container instance tier

      | Container instance tier | Purpose | Required resources | Image size scaling |
      | --- | --- | --- | --- |
      | Normal | Scanning of images less than or equal to 5 GB in size | 16 GB RAM; 1 OCPU | One instance required per 10 images scanned; maximum of 100 instances created per scan |
      | Large | Scanning of images from 5 GB to 30 GB in size | 128 GB RAM; 2 OCPUs; memory-backed temporary file system (tmpfs) mounted at /tmp | One instance required per 10 images scanned; maximum of 10 instances created per scan |
      Note
      • Limits for OCPUs are compartment-level limits shared with OCI compute instances. Administrators can set OCPU limits by region, with specific limits for different OCI compute shapes.
      • To learn more about making sure your compartment in the deployment region has sufficient resource limits to handle OCI container instance services used by Agentless Vulnerability & Threat Detection, see the Oracle documentation on viewing a tenancy's limits and usage and limits by service.
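A capacity planner for the two container instance tiers above, added here as an example that is not part of this page or the product. It assumes the tier table as written (5 GB and 30 GB boundaries, one instance per 10 images, the per-scan instance caps, and the RAM/OCPU figures) and treats images above 30 GB as outside the documented tiers, so you can estimate the peak OCPU demand of one scan before comparing it with your compartment's OCPU limit.

```python
import math

# Tier table transcribed from the page's dynamic-resource table
TIERS = {
    "normal": {"max_image_gb": 5, "ram_gb": 16, "ocpus": 1, "max_instances": 100},
    "large": {"max_image_gb": 30, "ram_gb": 128, "ocpus": 2, "max_instances": 10},
}
IMAGES_PER_INSTANCE = 10  # one container instance per 10 images, in both tiers


def tier_for(image_gb):
    """Pick the tier for an image size; None if it is above the documented 30 GB ceiling."""
    if image_gb <= TIERS["normal"]["max_image_gb"]:
        return "normal"
    if image_gb <= TIERS["large"]["max_image_gb"]:
        return "large"
    return None


def plan_scan(image_sizes_gb):
    """Estimate the container instances, OCPUs and RAM one scan creates dynamically."""
    counts = {"normal": 0, "large": 0}
    oversized = []
    for size in image_sizes_gb:
        tier = tier_for(size)
        if tier is None:
            oversized.append(size)  # assumption: not covered by either documented tier
        else:
            counts[tier] += 1
    plan = {"oversized_images": oversized, "total_ocpus": 0, "total_ram_gb": 0}
    for name, n in counts.items():
        spec = TIERS[name]
        wanted = math.ceil(n / IMAGES_PER_INSTANCE)
        instances = min(wanted, spec["max_instances"])  # per-scan cap from the table
        plan[name] = {
            "images": n,
            "instances": instances,
            "capped": wanted > instances,  # the scan would hit the per-scan maximum
            "ocpus": instances * spec["ocpus"],
            "ram_gb": instances * spec["ram_gb"],
        }
        plan["total_ocpus"] += plan[name]["ocpus"]
        plan["total_ram_gb"] += plan[name]["ram_gb"]
    return plan


def ocpu_limit_ok(plan, available_ocpus):
    """True if the scan's peak OCPU demand fits in the compartment's remaining OCPU limit."""
    return plan["total_ocpus"] <= available_ocpus
```

Feed `ocpu_limit_ok` the OCPU availability you read from the tenancy's limits and usage page for the deployment region, since the OCPU limit is shared with your compute instances.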