Open source is the foundation of most modern applications. However, left untracked, open source can put containerized applications at risk of known vulnerabilities such as Heartbleed and CVE-2017-5638 found in Apache Struts.
Posted in Container Security, Open source and software supply chain risks, Software Composition Analysis (SCA)
Containers have restructured the way we think about our infrastructure, bringing development and operations teams closer together than ever before, and placing applications center stage in the infrastructure environment.
Posted in Container Security, Open Source Security, Security news and research
Companies are leveraging containers on a massive scale to rapidly package and deliver software applications. But because it is difficult for organizations to see the components and dependencies in all their container images, container security risks associated with containerized delivery has become a hot topic in DevOps. This puts the spotlight on operations teams to find security vulnerabilities in the production environment.
Posted in Agile, CI/CD & DevOps, Container Security, Open Source Security, Security news and research
As application development teams are pressured to deliver software faster than ever, containers offer clear advantages. Docker debuted to the public in 2013, and since then there have been over 29 billion Docker container downloads. Benefits of containerization
Posted in Container Security
Do you know what’s in your containers? No, the question has nothing to do with those mystery containers in your fridge. But if you don’t know what’s in those lovely Docker containers which are all the rage, you could be in store for just as rude a surprise as discovering what might be hiding deep in your fridge.
Posted in Container Security
Organizations today work in a continuous delivery environment, requiring speed and agility in deployment and the ability to monitor applications once deployed. These requirements are accelerating the adoption of containers in the production environment. In October, DockerCon Europe revealed that 24 billion containers have been downloaded. Not surprisingly, there’s been a corresponding 77,000% growth in Docker job listings. Why use containers? As application development teams are pressured to deliver software faster than ever, container adoption offers clear advantages. A Forrester study found that 66% of organizations who adopted containers experienced accelerated developer efficiency, while 75% of companies achieved a moderate to significant increase in application deployment speed. Got a lot of containers to secure?Download the eBook. As the saying goes, time is money. As development and operations teams deliver software without the hassle of constantly reconfiguring infrastructure, they save time and cut costs. In a different study, Forrester discovered that organizations saved upward of 70% on dev/test costs after container adoption, and 40% on production costs, while operating on 80% fewer servers. Similarly, case studies revealed that organizations who adopted containers experienced average cost savings of 50% in the production environment. Since containers do not require hypervisors, much of these savings come from a reduction in hypervisor licensing costs.
Posted in Agile, CI/CD & DevOps, Container Security
Containers offer many advantages over monolithic applications, packaged as VMs. Most importantly, a container image is immutable, easily built and deployed without reliance on permanent infrastructure.
Posted in Agile, CI/CD & DevOps, Container Security, Open source and software supply chain risks, Open Source Security
We heard our customers loud and clear. Our old AppManager product on which we ran the Hub on wasn’t working for you. That’s why we replatformed our Black Duck Hub solution on the Docker platform.
Posted in Container Security, Open Source Security, Software Composition Analysis (SCA)
We’re shifting the Black Duck Hub to a Docker-based architecture, so we created this quick video to give you an overview of some key questions we’ve heard from our customers about this change.
Posted in Container Security, Open Source Security, Software Composition Analysis (SCA)
This is the eighth year we’ve run the Black Duck Open Source Rookies of the Year. Each year we review the world of open source and recognize top new projects launched during the past year, be sure to check out the top new projects of 2016. Today, we’re excited to share the story of the Rocket.Chat project, which enables privately hosted chat services.
Posted in Agile, CI/CD & DevOps, Container Security, Open source and software supply chain risks