Containers have restructured the way we think about our infrastructure, bringing development and operations teams closer together than ever before, and placing applications center stage in the infrastructure environment. Teams are massively scaling containerized deployments with Kubernetes and Kubernetes-based solutions, like Red Hat’s enterprise-grade container orchestration platform, OpenShift Container Platform. But in containerized deployments, because applications sit closer to the infrastructure, without an intervening hypervisor and host OS, application security is more important than ever. In fact, security remains among the most important barriers to container adoption.
Black Duck by Synopsys fills a container security void
Last November we announced the launch of our infrastructure security product, OpsSight, to bring open source visibility and control to operations teams managing large-scale container deployments with OpenShift and Kubernetes. OpsSight automatically scans every image, as it is used by the cluster, for open source and associated vulnerabilities. It then annotates the pod with metadata to highlight any policy violations. This information enables teams to ensure that vulnerable containers are not allowed to run in production. Finally, OpsSight continuously monitors for any newly reported vulnerabilities that may affect the contents of running containers, alerting teams so they can find and fix those vulnerabilities before a hacker might exploit them. In this solution, Black Duck created the first proactive security solution that could scale with the realities of containerized deployments.
Container technology moves lightning fast
The world of container orchestration and Kubernetes is rapidly changing. Recently, Red Hat released OpenShift Container Platform 3.9. In this latest release, Red Hat stepped up security and usability with a new central auditing capability, console timeouts, and improved service catalog workflows. Additionally, OpenShift can now preserve data across more environments, including PostgreSQL, MariaDB, and MySQL; it advances device plugin support and grows the types of local storage that are supported. Check out the OpenShift Commons Briefing on OpenShift Container Platform 3.9 for a full run-through.
Enter OpsSight 2.0 Container Security solution
Black Duck too has evolved our container security solution to meet the needs of our customers. Today we are announcing OpsSight 2.0. This new version has the same important security features as its older brother but has been re-architected to better scale and maintain support for the latest and greatest in container orchestration, like OpenShift Container Platform 3.9 and Kubernetes 1.10. OpsSight 2.0 also features:
Continue Reading...
Posted in Container Security, Open Source Security | Comments Off on Announcing OpsSight Container Security 2.0 GA
Software Integrity Insight is your resource on the cyber security and open source security that made the headlines!
Continue Reading...
Posted in Automotive Security, Container Security, Open Source Security | Comments Off on NIST report on container security, GitLab Developer Report, VW and Audi remote hacks
Companies are leveraging containers on a massive scale to rapidly package and deliver software applications. But because it is difficult for organizations to see the components and dependencies in all their container images, container security risks associated with containerized delivery has become a hot topic in DevOps. This puts the spotlight on operations teams to find security vulnerabilities in the production environment.
Continue Reading...
Posted in Agile, CI/CD & DevOps, Container Security | Comments Off on 8 takeaways from NIST’s Application Container Security Guide
It’s nearly an all-Tim Mackey issue of Software Integrity Insight as our technical evangelist weighs in on data breaches, container adoption, GitHub, and open source serverless applications. Other stories in this week’s software integrity news include the SirenJack vulnerability, a security vulnerability potentially putting warning sirens across the city of San Francisco at risk, and more.
Continue Reading...
Posted in Container Security, Data Breach, Internet of Things, Open Source Security, Webinars | Comments Off on Data breaches, SirenJack, and serverless apps vulns
As application development teams are pressured to deliver software faster than ever, containers offer clear advantages. Docker debuted to the public in 2013, and since then there have been over 29 billion Docker container downloads.
Benefits of containerization
Continue Reading...
Posted in Container Security, General | Comments Off on Container adoption by the numbers
Open Source Insight makes the transition to the Synopsys Software Integrity (SIG) blog this week, and you can find us here, as well as the latest posts from SIG technology evangelist Tim Mackey. This week’s edition looks at security for container images, cyber security in healthcare, how most data breaches occur, and a host of other open source security and cyber security news.
Continue Reading...
Posted in Container Security, Data Breach, Healthcare Security, Open Source Security | Comments Off on What’s in your containers?, Spring Break vulnerability, cyber security in healthcare
Do you know what’s in your containers? No, the question has nothing to do with those mystery containers in your fridge. But if you don’t know what’s in those lovely Docker containers which are all the rage, you could be in store for just as rude a surprise as discovering what might be hiding deep in your fridge.
Continue Reading...
Posted in Container Security | Comments Off on Using containers? What’s hidden in your container images?
Today, open source components are at the heart of most modern applications, transforming how we architect solutions in every industry. Black Duck’s 2017 Open Source Security and Risk Analysis of over 1000 commercial applications revealed that 96% of applications scanned utilized open source. Meanwhile, more than 60% of those applications contained known security vulnerabilities in their open source components, and on average, vulnerabilities identified in these applications have been publicly known for over four years.
Continue Reading...
Posted in Container Security, Open Source Security | Comments Off on Achieving open source security in container environments
Before Black Duck began leveraging Docker, customers utilized the App Manager Install Method to deploy it. Black Duck now deploys as a set of containers, so customers need to install Docker to take advantage of updates to the application. By the end of this guide, you’ll have a basic understanding of how to migrate Black Duck to a containerized environment, as well as the benefits of using containers.
Continue Reading...
Posted in Container Security, Open Source Security, Software Composition Analysis | Comments Off on Migrating to Docker on Black Duck
Black Duck Academy hosts a series of videos that help our customers deploy, manage, and use our products. To help our customers see value from Black Duck immediately after their purchase, this post supplements our video on installing the Hub. Think of this post as a quick way to get you started with the Dockerized Hub installation, outlining the workplace specifications as well as the tools and steps you’ll take to deploy the Hub.
Continue Reading...
Posted in Agile, CI/CD & DevOps, Container Security | Comments Off on An introduction to installing Black Duck