Open source is the foundation of most modern applications. However, left untracked, open source can expose containerized applications to known vulnerabilities such as Heartbleed (CVE-2014-0160 in OpenSSL) and CVE-2017-5638 in Apache Struts.
Tracking open source is difficult in containerized production environments, which pose new challenges for application security. Organizations need visibility into open source risk at every layer of their container images: the base operating system and its packages, language-level dependencies, additional libraries, and the application layer itself. The massive, dynamic container deployments in modern production environments only make that visibility harder to achieve.
Meet the challenges of modern container deployment
Black Duck OpsSight gives you visibility into, and control over, the open source components in your container images. Because it detects and scans images automatically, your container security strategy scales to the entire container cluster rather than to the handful of images a team can review by hand. With Black Duck OpsSight, you can proactively monitor the open source risks in your containerized applications in four steps:
- Automated multifactor open source detection inventories all the open source in container images as they are added or updated in the registry.
- Black Duck Enhanced Vulnerability Data identifies all known vulnerabilities for the open source in your container images and gives you actionable mitigation and remediation guidance to help you minimize exploit risk.
- Policy management lets teams define open source use and security policies. Each scan evaluates those policies and records the result as metadata on your containers, so you can flag images that violate policy and block them from deploying to production.
- OpsSight continuously monitors for newly reported security vulnerabilities associated with open source in use, providing same-day alerts so teams can understand how these vulnerabilities affect containers in production.
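The four steps above, modelled end to end in a small Python program. This is an added illustration, not OpsSight's own code or data: the component inventory and the vulnerability feed are constructed samples (the two feed entries mirror the CVEs named at the top of the post), the annotation keys under `example.com/` are hypothetical placeholders rather than the metadata OpsSight actually writes, and the policy thresholds are arbitrary. It shows the inventory-to-feed join, the policy evaluation, a metadata-driven admission gate, and the re-check that a stored inventory makes possible when a new advisory arrives.

```python
"""Toy model of the four-step workflow: inventory -> match -> policy -> monitor."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    license: str


@dataclass(frozen=True)
class Vuln:
    cve: str
    component: str
    affected: frozenset      # affected versions of that component
    cvss: float
    fixed_in: Optional[str]  # None when no fixed release exists yet


@dataclass(frozen=True)
class Policy:
    block_cvss_at_or_above: float = 7.0
    block_only_if_fix_available: bool = True   # don't block on unfixable issues
    denied_licenses: frozenset = frozenset({"GPL-3.0-only"})


# Constructed sample inventory (step 1 output): what a registry scanner might report.
INVENTORY = {
    "registry.example/shop-api:1.4": [
        Component("openssl", "1.0.1f", "OpenSSL"),
        Component("struts2-core", "2.3.31", "Apache-2.0"),
        Component("readline", "8.1", "GPL-3.0-only"),
    ],
    "registry.example/shop-web:2.0": [
        Component("openssl", "1.1.1k", "OpenSSL"),
        Component("nginx", "1.20.1", "BSD-2-Clause"),
    ],
}

# Constructed sample vulnerability feed (not Black Duck's data).
FEED = [
    Vuln("CVE-2014-0160", "openssl", frozenset({"1.0.1f"}), 7.5, "1.0.1g"),
    Vuln("CVE-2017-5638", "struts2-core", frozenset({"2.3.31"}), 10.0, "2.3.32"),
]


def match_vulns(components, feed):
    """Step 2: join the image's component inventory against the feed."""
    return [(c, v) for c in components for v in feed
            if v.component == c.name and c.version in v.affected]


def evaluate_policy(components, feed, policy):
    """Step 3: return violation strings; an empty list means compliant."""
    violations = []
    for c, v in match_vulns(components, feed):
        severe = v.cvss >= policy.block_cvss_at_or_above
        fixable = v.fixed_in is not None
        if severe and (fixable or not policy.block_only_if_fix_available):
            violations.append(f"{v.cve} in {c.name} {c.version} (CVSS {v.cvss}, fix {v.fixed_in})")
    for c in components:
        if c.license in policy.denied_licenses:
            violations.append(f"license {c.license} in {c.name} {c.version}")
    return violations


def annotate(image, violations):
    """Record the verdict as metadata. Keys are hypothetical placeholders."""
    return {
        "example.com/scan-image": image,
        "example.com/policy-violations": str(len(violations)),
        "example.com/policy-status": "violation" if violations else "compliant",
    }


def admit(annotations):
    """Admission gate: deploy only if the metadata explicitly says 'compliant'."""
    return annotations.get("example.com/policy-status") == "compliant"


def newly_affected(inventory, new_vuln):
    """Step 4: when a new advisory lands, find images already running an affected version."""
    return sorted(img for img, comps in inventory.items()
                  if any(c.name == new_vuln.component and c.version in new_vuln.affected
                         for c in comps))


def gate_all(inventory=INVENTORY, feed=FEED, policy=Policy()):
    """Run steps 2-3 over every image and return {image: admitted?}."""
    return {img: admit(annotate(img, evaluate_policy(comps, feed, policy)))
            for img, comps in inventory.items()}


if __name__ == "__main__":
    for img, ok in gate_all().items():
        print(f"{img}: {'ADMIT' if ok else 'BLOCK'}")
    # Hypothetical new advisory arriving after the images were scanned.
    late = Vuln("EXAMPLE-NEW-ADVISORY", "nginx", frozenset({"1.20.1"}), 9.8, None)
    print("newly affected:", newly_affected(INVENTORY, late))
```

Two design points carry over to the real thing. First, step 4 needs no rescan: because the inventory is stored per image, a new advisory is answered by a lookup, which is what makes same-day alerting feasible across a large cluster. Second, the gate fails closed: a pod with no annotation at all is treated the same as one marked "violation", so an image that skipped scanning cannot slip into production.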
What’s your plan for securing containers?
Container security strategies should account for the scale and complexity of modern container deployments. At that scale, manually tracking open source components in large, dynamic container clusters is unrealistic. Simplify and accelerate open source risk management with automated, policy-driven control over open source security vulnerabilities.
With Black Duck OpsSight, you get automated visibility into the open source software in your containers and the security risks each component represents. You also learn about any new risks posed by the open source software in your containers, as well as how to mitigate them.
Concerned about securing your container deployments?
Read the white paper: Securing Containers at Scale
*** This is a Security Bloggers Network syndicated blog from Software Integrity authored by Charlie Klein. Read the original post at: https://www.synopsys.com/blogs/software-security/securing-containers-scale/