Announcing the NeuVector & Sonatype Nexus Lifecycle Integration: Securing Containers Across the SDLC

It’s no secret that container usage has increased rapidly in the last few years. As reported in our 2020 State of the Software Supply Chain Report, “Pulls of container images topped 8 billion for the month of January. This means annualized image pulls from the repository should top 96 billion this year. To keep pace with demand, suppliers pushed 2.2 million new images to DockerHub over the past year – up 55% since our last report.” However, this increased popularity opens up container security solutions to hackers looking to steal data, install ransomware, or perform crypto-mining attacks.

The solution to this problem, and the cornerstone of good security hygiene, is the ability to detect and mitigate vulnerabilities in all phases of the SDLC, including build, registry, and production environments. With this in mind, we are excited to announce the availability of the NeuVector and Nexus Lifecycle integration.

This integration brings together NeuVector’s open source detection and mitigation capabilities at the container application, operating system, and runtime layers with Nexus Lifecycle’s robust policy enforcement engine at the application layer. DevOps teams can now use NeuVector to scan images in registries and containers running in production for vulnerabilities and manage these vulnerabilities in Nexus Lifecycle – gaining a single view into full container security and governance. For Sonatype customers, this integration is also available in Nexus Lifecycle Foundation.

Inside the Integration

The NeuVector Sonatype Lifecycle integration is a container itself which can be configured using the command line and providing inputs for Nexus Lifecycle, NeuVector controller, webhook endpoint, etc. Response Rules are then configured in NeuVector to send webhook alerts to the integration container whenever an image or running container is scanned.

NeuVector 1

NeuVector is able to automatically detect the Nexus Lifecycle application and submit scan results for that application (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Alyssa Shames. Read the original post at: