🚀  ARMO Monthly Product Roundup – January 2026 🚀 

It’s been a big month at ARMO – we shipped several powerful new capabilities to help you get more visibility, move faster, and stay ahead of real threats. Here’s what’s new.

CSPM for Azure

Get full visibility into the security posture of your Azure subscriptions – from VMs to identities and policies. ARMO now continuously analyzes your Azure environment for misconfigurations, risky permissions, and compliance gaps.
Why it matters: You can now detect and prioritize Azure risks before they become breaches, using the same unified risk model you already trust for Kubernetes and AWS.
Docs: Connect Azure to ARMO

Buyers’ checklist for Cloud Runtime Security products

Evaluate and choose cloud runtime security products for comprehensive detection

Read Now

Read Now

CSPM for Google Cloud (GCP)

ARMO now supports full posture management for GCP projects, including compute, storage, networking, and IAM. We ingest and analyze your GCP resource configurations and security controls to surface exposures and compliance issues.
Why it matters: You get a consistent, multi-cloud security posture view across AWS, Azure, and GCP — without switching tools or workflows.
Docs: Connect GCP to ARMO

Stream Incidents to SIEM

You can now stream ARMO runtime incidents and detections directly into your SIEM provider. This includes incident metadata, workload context, threat classification, and response actions.
Why it matters: Your SOC teams can investigate Kubernetes and cloud runtime threats inside their existing SIEM workflows – with rich context instead of raw alerts.
Docs: SIEM integrations

Linear Ticketing Integration

ARMO now integrates with Linear, allowing you to automatically create and track security issues in your dev team’s ticketing system. Incidents and findings can be pushed directly to Linear with full context.
Why it matters: Security findings now land where developers already work, making it easier to fix issues fast and keep everyone aligned.
Docs: Connect Linear to ARMO

GitLab Container Registry Integration

ARMO now integrates with GitLab Container Registry to scan container images before they are deployed to Kubernetes workloads. We analyze images for known vulnerabilities, risky packages.

Why it matters: Scanning container images in the registry catches vulnerabilities before they ever reach a cluster, turning security from a firefight into a quality gate. Teams can block risky images, fix issues earlier in the pipeline, and avoid deploying known-exploitable software into production.
Docs: GitLab registry integration

Custom Threat Detection Rules (CEL-based)

You can now create your own custom runtime detection rules using CEL (Common Expression Language). Define exactly what suspicious or risky behavior looks like, based on workload, process, network, file, or cloud activity.
Why it matters: This gives you full control to detect what matters most to your environment, without relying only on generic rules or noisy signatures.
Docs: Custom Detection Rules

Meet Your CVEs Terminator

Learn how you can reduce up to 80% of the CVEs you need to fix
so you can focus on terminating the most relevant ones. Get the cheat sheet now.

Read Now

Read Now