Enforce Docker Image CIS Policy Compliance with Tripwire for DevOps

by Mitch Thomas on October 23, 2018

We are working hard to add features to our new Tripwire for DevOps service, initially announced at BlackHat 2018. If you are a loyal State of Security follower, you last read that we added auditing for Amazon Machine Images (AMIs). Today, we are introducing CIS policy compliance auditing for Docker images.

Tripwire for DevOps allows you to evaluate your Docker Images to check for policy compliance at build time. Doing so ensures those images are compliant with CIS policies before they are put into production.

How To

Whether you are experimenting with the service or integrating it with a CI/CD build tool (e.g. Jenkins, GoCD or Travis CI), policy compliance scanning is enabled with the twdevops command-line flag ‘-policy CIS’.

Currently, this feature is only available for Docker images, but stay tuned for an update on AMI scanning.

Once the image is pushed and you have a request ID, you can check the status of the scan.

Once the scan is complete (Status: ScanComplete), fetch the results in either JSON or JUnit format (JSON example shown).

I did not include scan results here… it was just too much data. Handy tip: The JSON output contains information familiar to existing Tripwire Enterprise customers, including the remediation details provided by our CIS Policy content team.

The online documentation contains additional details about the twdevops command line as well as platform and policy support.
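One way to turn the fetched JUnit results into a build gate, as an added example that is not from the original post or from Tripwire. It assumes the results follow the conventional JUnit testsuite/testcase/failure layout and have been saved to a file; the sample report, its test names and the `waived` parameter are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# Constructed sample report; suite and test names are illustrative, not real twdevops output.
SAMPLE_JUNIT = b"""<?xml version="1.0"?>
<testsuites>
  <testsuite name="CIS (constructed sample)" tests="3" failures="2">
    <testcase classname="cis.sample" name="Ensure a non-root user is configured"/>
    <testcase classname="cis.sample" name="Ensure password expiration is set">
      <failure message="constructed finding">remediation text would appear here</failure>
    </testcase>
    <testcase classname="cis.sample" name="Ensure telnet is not installed">
      <failure message="constructed finding"/>
    </testcase>
  </testsuite>
</testsuites>"""


def failed_tests(junit_bytes):
    """Return (suite, test, message) for every testcase with a failure or error."""
    # A scan report has no reason to carry a DTD; refuse one rather than
    # let the parser expand entities declared in it.
    if b"<!DOCTYPE" in junit_bytes:
        raise ValueError("DOCTYPE not allowed in report")
    root = ET.fromstring(junit_bytes)
    findings = []
    # The root may be <testsuites> or a single <testsuite>; iter() covers both.
    for suite in root.iter("testsuite"):
        for case in suite.findall("testcase"):  # direct children only, no double count
            bad = next((e for e in case if e.tag in ("failure", "error")), None)
            if bad is not None:
                findings.append((suite.get("name", ""), case.get("name", ""),
                                 bad.get("message", "")))
    return findings


def gate(junit_bytes, waived=frozenset()):
    """Return a process exit code: 0 if every failed test is waived, else 1."""
    blocking = [f for f in failed_tests(junit_bytes) if f[1] not in waived]
    for suite, name, msg in blocking:
        print(f"POLICY FAIL [{suite}] {name}: {msg}", file=sys.stderr)
    return 1 if blocking else 0


if __name__ == "__main__":
    data = Path(sys.argv[1]).read_bytes() if len(sys.argv) > 1 else SAMPLE_JUNIT
    sys.exit(gate(data))
```

Run as a build step after the results are fetched, the non-zero exit code stops the pipeline before a non-compliant image is promoted; waived test names should be kept in version control so each exception is reviewed.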

Now that you have scanned an image, the dashboard includes Policy Results.

Now that an image has been scanned, the Tripwire for DevOps web interface displays both the Policy and Policy Test information in addition to Vulnerability and Application information per Docker image.

Policy results are in the dashboard.

Matching Policies and Policy Tests can be found when (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Mitch Thomas. Read the original post at: https://www.tripwire.com/state-of-security/devops/cis-policy-compliance-tripwire-devops/
