As with most trends in our industry, first we fall in love with how much faster or smarter they allow us to get things done. It is only later, after we are hooked, that we remember to implement the security measures that will keep our products secure. Containers have been one of the hottest trends in recent years, yet only recently has container security scanning started to be raised as a necessity to integrate.
However, containers do come with their own challenges to security that need to be addressed if we want to use them effectively and securely in our development.
The lightweight software packages that hold our code and its dependencies, containers are beloved for their interoperability across environments, making it far easier to build, test, and deploy from one stage to the next. A Docker container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries, and settings.
What Are Containers and Why Are They So Dang Popular?
In the age of DevOps, containers are playing a significant role in making the flow of software through the development life cycle a smoother process, eliminating the bumps in the road that can cause unnecessary friction. Because they are independent of the confines of any one operating system, their self-sustained nature makes them a breeze to move from one environment to the next. They are also significantly less resource-heavy, allowing teams to run more of them without the need for additional CPU power.
Security is often a game of inches, and containers offer a few advantages on that front that developers appreciate. As the default isolation capabilities are ...
*** This is a Security Bloggers Network syndicated blog from Blog – WhiteSource authored by Gabriel Avner. Read the original post at: https://resources.whitesourcesoftware.com/blog-whitesource/container-security-scanning