my dream

Scanning works across any application and all major Linux distributions. It provides integration into a Containers as a Service workflow that improves an organization's security posture through central IT managed secure content, the company said.

As part of the security enhancement, the company also released an update to Docker Bench. The release automates validating a host's configuration against CIS Benchmark recommendations. With the update, Docker users can implement recommendations from the latest CIS Docker Benchmark to ensure that their platform is configured to be in line with the best practices outlined for Docker Engine 1.11, McCauley told LinuxInsider.

This security process helps answer several critical questions on computer security. It tells users the contents of a Docker container. It lets users know where code originated, how to avoid bad components, and how to keep patches current for compliance and governance.

"With this process, the developer becomes part of the security process. Devs are able to see the results of the scanning process before they deploy the software," said McCauley. "We've made it our goal to secure the global software supply chain from development, test to production."

How It Works

Docker image scanning and vulnerability detection provides a container-optimized capability for granular auditing of images. The results are presented in a bill of materials containing the details of the image layers and components, along with the security profile of each component, according to Docker.

That allows independent software vendors, publishers and app teams to make informed decisions regarding content based on their security policies. ISVs can use the information to actively fix vulnerabilities to maintain high-quality security profiles of their content and transparently deploy them to their end users. App teams can decide if they want to use an ISV image based on the displayed profile and flexibly use Security Scanning to check the additional code before deciding to deploy.

Without that optional security enhancement, IT operations rely on the information published by each ISV on the state of their content to the Common Vulnerabilities and Exposures databases and manually monitor them for any issues. Docker Security Scanning automates the process and notifies an organization when a vulnerability is reported for any component within the images.
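
The per-layer bill-of-materials check and deploy decision described above, as an added example that is not Docker's code or data format: the BOM layout, advisory fields, component names and `EXAMPLE-ADV-*` identifiers are all constructed assumptions. It matches each component against reported advisories with numeric version comparison, then applies a severity policy.

```python
# Constructed sample data: the BOM layout and advisory fields below are
# assumptions for illustration, not Docker Security Scanning's real format.
from dataclasses import dataclass

@dataclass(frozen=True)
class Advisory:
    ident: str        # placeholder id, not a real CVE number
    component: str
    fixed_in: tuple   # first version that contains the fix
    severity: str     # "low" | "medium" | "high" | "critical"

SEVERITY_RANK = {"low": 0, "medium": 1, "high": 2, "critical": 3}

def parse_version(text):
    """Turn '2.10.0' into (2, 10, 0) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def scan_image(bom, advisories):
    """Return one finding per (layer, component, advisory) match."""
    findings = []
    for layer in bom["layers"]:
        for comp in layer["components"]:
            for adv in advisories:
                if (comp["name"] == adv.component
                        and parse_version(comp["version"]) < adv.fixed_in):
                    findings.append({"layer": layer["id"], "component": comp["name"],
                                     "installed": comp["version"],
                                     "advisory": adv.ident, "severity": adv.severity})
    return findings

def policy_allows(findings, max_severity="medium"):
    """Deploy gate: reject if any finding exceeds the allowed severity."""
    limit = SEVERITY_RANK[max_severity]
    return all(SEVERITY_RANK[f["severity"]] <= limit for f in findings)

SAMPLE_BOM = {
    "image": "example/app:1.0",
    "layers": [
        {"id": "layer-0-base", "components": [
            {"name": "libexample-tls", "version": "1.0.1"},
            {"name": "example-shell", "version": "4.3.0"}]},
        {"id": "layer-1-app", "components": [
            {"name": "example-webfw", "version": "2.10.0"}]},
    ],
}
SAMPLE_ADVISORIES = [
    Advisory("EXAMPLE-ADV-0001", "libexample-tls", (1, 0, 2), "high"),
    # 2.10.0 is newer than 2.9.1; a plain string comparison would get this wrong.
    Advisory("EXAMPLE-ADV-0002", "example-webfw", (2, 9, 1), "critical"),
    Advisory("EXAMPLE-ADV-0003", "example-shell", (4, 4, 0), "low"),
]
```

Re-running `scan_image` over stored BOMs whenever a new advisory arrives gives the notification behaviour the article describes, without rebuilding or re-pulling the image.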
