
Docker Includes Container Scanning And Benchmarking In Latest Security Releases

Source: Docker

Docker announced updates that should come as a relief to many users of its container solutions. As containers continue to be one of the most disruptive new technologies, and Docker continues to gain ground as the leader in containers, many users have been asking how to better handle security operations for their containerized applications.

Docker Security Scanning (DSS), the official release of the project formerly known as “Nautilus,” is now available to Docker Private Repository users. The initial release scans containers and applications undergoing the build and release process to identify frameworks and libraries used by the application. The results of the analysis go into the creation of a Bill of Materials (BOM) that is used as a catalog of the components running inside the container.

DSS also connects to a security vulnerability database, which serves as an ongoing library of issues affecting components that could be lurking in your applications and containers right now. When a new BOM is created, either through the initial scan of containers in the registry or as a new container is deployed, the components in the BOM are checked against the vulnerability database, and administrators are alerted to any security issue found inside the code of the containerized app. As new security vulnerabilities are added to the database, the existing BOMs are checked again to make sure that no new vulnerabilities affect existing applications.
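The following Python sketch is an added example, not Docker's code or API: it shows why keeping the BOM matters, since a newly published advisory can be matched against stored BOMs without rescanning any image. The image names, component names, advisory ids and the "affected if older than the fixed version" rule are all constructed assumptions.

```python
# Added illustration; not Docker Security Scanning's implementation.
# Images, components and advisory ids below are constructed sample data.

def parse_version(v):
    """Turn '1.10.0' into (1, 10, 0) so versions compare numerically."""
    return tuple(int(part) for part in v.split("."))


class BomCatalog:
    """Keeps one BOM per image plus every advisory seen so far."""

    def __init__(self):
        self.boms = {}        # image -> {component: version}
        self.advisories = []  # dicts with keys: id, component, fixed_in

    @staticmethod
    def _affected(bom, adv):
        # Assumption: a component is affected when it is older than fixed_in.
        version = bom.get(adv["component"])
        if version is None:
            return False
        return parse_version(version) < parse_version(adv["fixed_in"])

    def register_image(self, image, bom):
        """Store a BOM from a scan; return ids of known advisories that hit it."""
        self.boms[image] = dict(bom)
        return sorted(a["id"] for a in self.advisories if self._affected(bom, a))

    def add_advisory(self, adv):
        """Record a new advisory; return stored images it affects (no rescan)."""
        self.advisories.append(adv)
        return sorted(i for i, b in self.boms.items() if self._affected(b, adv))


def demo():
    catalog = BomCatalog()
    catalog.add_advisory(
        {"id": "EXAMPLE-0001", "component": "libfoo", "fixed_in": "1.2.4"})
    web = catalog.register_image(
        "registry.example/web:1", {"libfoo": "1.2.3", "libbar": "2.0.0"})
    api = catalog.register_image(
        "registry.example/api:7", {"libfoo": "1.2.4", "libbar": "2.0.0"})
    # A later advisory is matched against the BOMs already on file.
    late = catalog.add_advisory(
        {"id": "EXAMPLE-0002", "component": "libbar", "fixed_in": "2.0.1"})
    return web, api, late


if __name__ == "__main__":
    print(demo())
```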

But the security of the code running inside a container is not the only concern for Docker admins, and it’s not the only security update that Docker announced. Docker Bench (think “benchmark”) is also being updated. Docker Bench keeps a detailed running account of best practices and scans hosts both to check for compliance with the recommended settings and to report back any identified gaps.

Together, the two announcements address one of the top concerns among Docker users. By increasing the security profile of containers, from the host up through the applications, the entire ecosystem is improved and the applications are more reliable.

Docker Bench is available now. Docker Security Scanner is available now to users of Docker Private Repository, with a staged rollout planned throughout the year to Docker Datacenter users.
