Software Integrity Blog

Archive for the 'Container Security' Category


Container adoption today: Advantages and challenges

Organizations today work in a continuous delivery environment, requiring speed and agility in deployment and the ability to monitor applications once deployed. These requirements are accelerating the adoption of containers in the production environment. In October, DockerCon Europe revealed that 24 billion containers have been downloaded. Not surprisingly, there has been a corresponding 77,000% growth in Docker job listings.

Why use containers? As application development teams are pressured to deliver software faster than ever, container adoption offers clear advantages. A Forrester study found that 66% of organizations that adopted containers experienced accelerated developer efficiency, while 75% of companies achieved a moderate to significant increase in application deployment speed.

As the saying goes, time is money. As development and operations teams deliver software without the hassle of constantly reconfiguring infrastructure, they save time and cut costs. In a different study, Forrester discovered that organizations saved upward of 70% on dev/test costs after container adoption, and 40% on production costs, while operating on 80% fewer servers. Similarly, case studies revealed that organizations that adopted containers experienced average cost savings of 50% in the production environment. Since containers do not require hypervisors, a large share of these savings comes from a reduction in hypervisor licensing costs.


Posted in Agile, CI/CD & DevOps, Container Security


8 takeaways from NIST’s application container security guide

Companies are leveraging containers on a massive scale to rapidly package and deliver software applications. But because it is difficult for organizations to see the components and dependencies in all their container images, the security risks associated with containerized software delivery have become a hot topic in DevOps. This puts the spotlight on operations teams to find security vulnerabilities in the production environment.


Posted in Agile, CI/CD & DevOps, Container Security


Black Duck and Google Grafeas: Improving container visibility and security

Containers offer many advantages over monolithic applications packaged as VMs. Most importantly, a container image is immutable and is easily built and deployed without reliance on permanent infrastructure. Nevertheless, containers are a challenge for IT operations teams, who need full visibility into and control of their software supply chain to implement security and governance policies. To address this problem, today Google announced Grafeas, an open source project that provides a flexible verification framework to connect components deployed in production with their origins. Grafeas is a metadata API that aggregates information about all the software components in a container, including package descriptions, build and deployment histories, and known component vulnerabilities. The Grafeas API can be used to store, query, and retrieve comprehensive metadata on software components of all kinds.


Posted in Agile, CI/CD & DevOps, Container Security, Open Source Security


Improving stability, installs, and updates with Docker

We heard our customers loud and clear. Our old AppManager product, on which we ran the Hub, wasn’t working for you. That’s why we re-platformed our Black Duck Hub solution on the Docker platform.


Posted in Container Security, Open Source Security, Software Composition Analysis


Customer questions: What is Docker anyway?

We’re shifting the Black Duck Hub to a Docker-based architecture, so we created this quick video to give you an overview of some key questions we’ve heard from our customers about this change.


Posted in Container Security, Open Source Security, Software Composition Analysis


Open Source 360 Survey, DockerCon 2017, and more on the Cloudera IPO

We are near the halfway point of April 2017, and the NVD CVE listing for the month stands at 573 entries. Hot this week is CVE-2017-7605, a medium-high vulnerability affecting the HE-AAC+ v2 library (aka libaacplus).


Posted in Container Security, Open Source Security


Building containerized ecosystems with Ansible Container

Today, we’re excited to share the story of the Ansible Container project. It is platform-agnostic and able to target the most common container orchestration engines, including Kubernetes, Docker, and OpenShift.


Posted in Agile, CI/CD & DevOps, Container Security, Open Source Security


Tackling visibility in microservices

Are modern enterprise software architectures doomed to produce suboptimal processes and outcomes? Today, enterprise architects value componentization perhaps more than ever before, given the mass glorification of microservices. Microservices are loosely defined as isolated, independent components designed to address a single business need. That sounds great, until you consider that with this architecture the creators and the consumers of any service are likely to become rigorously isolated from each other, with the API boundary falling like an iron curtain between them.


Posted in Agile, CI/CD & DevOps, Container Security, Software Architecture and Design


Open source conferences worldwide with Black Duck

One of the fun parts of my job is participating in events. I enjoy the feedback I receive from the communities I work with, and I have the opportunity to speak about topics I’m passionate about. While I have the luxury of travel, that’s not the case for the majority of community members I speak with. For them, #dayjob is likely to sponsor their attendance at one or two events per year. This is why we not only attend open source conferences, but also created our own.


Posted in Container Security, General, Open Source Security, Webinars


Rocket.Chat: Enabling privately hosted chat services

This is the eighth year we’ve run the Black Duck Open Source Rookies of the Year. Each year we review the world of open source and recognize top new projects launched during the past year; be sure to check out the top new projects of 2016. Today, we’re excited to share the story of the Rocket.Chat project, which enables privately hosted chat services.


Posted in Agile, CI/CD & DevOps, Container Security