Friday, May 20, 2022
  • US Lawmakers Seek Uniform Policy on Nation-State Cyberattacks
  • BSides Prishtina 2022 – Kastriot Fetahaj’s ‘0Keyboard (A Simple Keyboard With The Evil Inside)’
  • Insider Risk Management—A 7 Step Approach to Zero Trust (Part 1)
  • Daniel Stori’s ‘$ When You tail -f But Forget To grep’
  • API security in the cloud isn’t optional

Security Boulevard Logo

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Events
    • Upcoming Events
    • Upcoming Webinars
    • On-Demand Events
    • On-Demand Webinars
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library
  • Related Sites
    • Techstrong Group
    • Container Journal
    • DevOps.com
    • Security Boulevard
    • Techstrong Research
    • Techstrong TV
    • Devops Chat
    • DevOps Dozen
    • DevOps TV
    • Digital Anarchist
  • Media Kit
  • About Us

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
DevOps SBN News Security Bloggers Network 

Home » Cybersecurity » DevOps » Tripwire For DevOps External Registry And Alert Capability

SBN

Tripwire For DevOps External Registry And Alert Capability

by Ben Layer on October 8, 2018

Although many organizations are shifting security to the left and embracing the integration of security tools into their continuous integration / continuous delivery pipelines, there are others who have different wants and needs.

Cybersecurity Live - Boston

Private Registries

One popular use case for Tripwire for DevOps is the scanning of private customer registries. Tripwire for DevOps is able to periodically enumerate and scan the Docker images that exist in your private Docker V2 or hosted registries. We have recently expanded the hosted registry support to include Amazon Elastic Container Registry, Azure Container Registry, Google Container Registry and Quay.io.

New images are automatically discovered within the private registry, and vulnerability scans are performed per a user-defined schedule. This allows DevOps groups who wish to decouple vulnerability scanning from delivery or deployment with the ability to do so. Audits can be performed in parallel with build jobs without potentially interrupting a delivery pipeline.

Alerts

Of course, utilizing out-of-band image assessment requires a method of alerting the user when vulnerable images are found. With Tripwire for DevOps, users can send email alerts for vulnerable images on a global or repository basis, so responsible teams are sure to be notified of any vulnerabilities encountered.

The Quality Gate function allows the user to define what criteria qualifies as passing or failing within the Tripwire for DevOps system. The user may choose from pre-configured options or create a truly custom quality gate tailored to a specific Docker image. This allows teams responsible for each image to create their own alerting protocol.

Discovering vulnerabilities as early as possible is one of the core tenants of Tripwire for DevOps, and with image vulnerability analysis integrated into your build pipeline, you can ensure you are catching each problem early.

For organizations that desire a less integrated approach, you can still accomplish (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Ben Layer. Read the original post at: https://www.tripwire.com/state-of-security/devops/tripwire-devops-external-registry-alert-capability/

October 8, 2018October 8, 2018 Ben Layer DEVOPS, tripwire, Tripwire News, vulnerability
  • ← Women in Information Security: Alana Staszczyszyn
  • Breached Records More Than Doubled in H1 2018, Reveals Breach Level Index →

TechStrong TV – Live

Click full-screen to enable volume control
Watch latest episodes and shows

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy
  • This field is for validation purposes and should be left unchanged.

Most Read on the Boulevard

How Encryption Helps Restore Cloud Security Integrity
CISA, Int’l Cybersecurity Bodies Issue Advisory to MSPs
Cybersecurity in the Boardroom: How to Report Risk to Leadership
3 Keys to an Effective Kubernetes Disaster Recovery Plan
Botnets, Telegram Helped Criminals Steal $163B in COVID Aid
X-Cart Skimmer with DOM-based Obfuscation
What is Test Automation Pyramid? How To Use It in Agile Software Development?
Four ways to combat the cybersecurity skills gap
Three new API exploits causes GitLab data privacy and availability issues
MSSP’s Mitigation Responsibilities Against Ransomware

Upcoming Webinars

Mon 23

Defending Against Emerging Ransomware Threats

May 23 @ 1:00 pm - 2:00 pm
Thu 26

Challenges and Opportunities for Improving Secure Coding Practices

May 26 @ 3:00 pm - 4:00 pm
Tue 31

Leveraging a Cloud Data Platform to Respond to Cybersecurity Events

May 31 @ 11:00 am - 12:00 pm
Jun 01

The 2022 Guide to API Security

June 1 @ 11:00 am - 12:00 pm
Jun 01

Security From Code to Cloud and Back to Code

June 1 @ 1:00 pm - 2:00 pm
Jun 08

Beyond Unification: How CNAP Should Reduce Cloud Security Risk

June 8 @ 11:00 am - 12:00 pm
Jun 08

When Less Is More: Full Life Cycle Serverless Security

June 8 @ 1:00 pm - 2:00 pm
Jun 15

Top 5 Reasons Why Effective SDLC Security Controls Are So Difficult

June 15 @ 1:00 pm - 2:00 pm
Jun 21

Why Cloud-Native Applications and APIs Are at Risk

June 21 @ 1:00 pm - 2:00 pm
Jun 28

CISO Talk Master Class Episode: Catch Lightning in a Bottle – The Essentials: Bringing It All Together

June 28 @ 1:00 pm - 2:00 pm

More Webinars

Download Free eBook

7 Must-Read eBooks for Security Professionals

Industry Spotlight

Establishing a Root of Trust in Embedded Linux and IoT
Cybersecurity Endpoint Industry Spotlight IoT & ICS Security Security Boulevard (Original) Vulnerabilities 

Establishing a Root of Trust in Embedded Linux and IoT

April 18, 2022 Anita Buehrle | Apr 18 Comments Off on Establishing a Root of Trust in Embedded Linux and IoT
Attorney-Client Privilege and Email Privacy
Cybersecurity Data Security Identity & Access Industry Spotlight Network Security Security Boulevard (Original) 

Attorney-Client Privilege and Email Privacy

April 7, 2022 Mark Rasch | Apr 07 Comments Off on Attorney-Client Privilege and Email Privacy
How MSPs can Fill the Cybersecurity Skills Gap
Cybersecurity Endpoint Industry Spotlight Network Security Security Awareness Security Boulevard (Original) 

How MSPs can Fill the Cybersecurity Skills Gap

February 17, 2022 Mike Adler | Feb 17 Comments Off on How MSPs can Fill the Cybersecurity Skills Gap

Top Stories

US Lawmakers Seek Uniform Policy on Nation-State Cyberattacks
Analytics & Intelligence Cyberlaw Cybersecurity Featured Governance, Risk & Compliance News Security Boulevard (Original) Threats & Breaches 

US Lawmakers Seek Uniform Policy on Nation-State Cyberattacks

May 20, 2022 George V. Hulme | Yesterday 0
‘Incompetent’ Tesla Lets Hackers Steal Cars — via Bluetooth
Analytics & Intelligence Application Security Cybersecurity DevOps Endpoint Featured Governance, Risk & Compliance Identity & Access Incident Response IoT & ICS Security Mobile Security Most Read This Week Network Security News Popular Post Security Awareness Security Boulevard (Original) Social Engineering Spotlight Threat Intelligence Threats & Breaches Vulnerabilities 

‘Incompetent’ Tesla Lets Hackers Steal Cars — via Bluetooth

May 19, 2022 Richi Jennings | 1 day ago 0
Conti Ransomware Gang Threatens Costa Rica’s Government
Cybersecurity Data Security Featured Governance, Risk & Compliance Malware News Security Boulevard (Original) Spotlight Threat Intelligence Vulnerabilities 

Conti Ransomware Gang Threatens Costa Rica’s Government

May 19, 2022 Nathan Eddy | 1 day ago 0

Security Humor

Daniel Stori's '$ When You tail -f But Forget To grep'

Daniel Stori’s ‘$ When You tail -f But Forget To grep’

Security Boulevard Logo White

DMCA

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: [email protected]

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • DMCA Compliance Statement
  • Privacy Policy

Related Sites

  • Techstrong Group
  • Container Journal
  • DevOps.com
  • Techstrong Research
  • Techstrong TV
  • DevOps Chat
  • DevOps Dozen
  • DevOps TV
  • Digital Anarchist
Powered by Techstrong Group
Copyright © 2022 Techstrong Group Inc. All rights reserved.