Software Integrity

 

Announcing OpsSight Container Security 2.0 GA

Announcing OpsSight Container Security 2.0 GA

Containers have restructured the way we think about our infrastructure, bringing development and operations teams closer together than ever before, and placing applications center stage in the infrastructure environment. Teams are massively scaling containerized deployments with Kubernetes and Kubernetes-based solutions, like Red Hat’s enterprise-grade container orchestration platform, OpenShift Container Platform. But in containerized deployments, because applications sit closer to the infrastructure, without an intervening hypervisor and host OS, application security is more important than ever. In fact, security remains among the most important barriers to container adoption.

Black Duck by Synopsys fills a container security void

Last November we announced the launch of our infrastructure security product, OpsSight, to bring open source visibility and control to operations teams managing large-scale container deployments with OpenShift and Kubernetes. OpsSight automatically scans every image, as it is used by the cluster, for open source and associated vulnerabilities. It then annotates the pod with metadata to highlight any policy violations. This information enables teams to ensure that vulnerable containers are not allowed to run in production. Finally, OpsSight continuously monitors for any newly reported vulnerabilities that may affect the contents of running containers, alerting teams so they can find and fix those vulnerabilities before a hacker might exploit them. In this solution, Black Duck by Synopsys created the first proactive security solution that could scale with the realities of containerized deployments.

Container technology moves lightning fast

The world of container orchestration and Kubernetes is rapidly changing. Recently, Red Hat released OpenShift Container Platform 3.9. In this latest release, Red Hat stepped up security and usability with a new central auditing capability, console timeouts, and improved service catalog workflows. Additionally, OpenShift can now preserve data across more environments, including PostgreSQL, MariaDB, and MySQL; it advances device plugin support and grows the types of local storage that are supported. Check out the OpenShift Commons Briefing on OpenShift Container Platform 3.9 for a full run-through.

Enter OpsSight 2.0 Container Security solution

Black Duck too has evolved our container security solution to meet the needs of our customers. Today we are announcing OpsSight 2.0. This new version has the same important security features as its older brother but has been re-architected to better scale and maintain support for the latest and greatest in container orchestration, like OpenShift Container Platform 3.9 and Kubernetes 1.10. OpsSight 2.0 also features:

  • Elastic scaling of image scanning.
  • Inclusion of metrics for all mission-critical features.
  • Completely automated dev tooling, providing the ability to quickly stand up Black Duck and OpenShift environments.
  • A modularized architecture, allowing the creation of custom functionality related to discovering and retrieving images.
  • Enhanced Vulnerability Data with remediation guidance.
  • Improved policy management.

For more information on the OpsSight 2.0 release, check out our documentation.

Learn more about automatic open source vulnerability detection for containers.

Get started

 

More by this author