
Quay Security Scanner From CoreOS Offers Improved Threat Detection For Docker Containers

Source: CoreOS

CoreOS upgraded a key feature of the company’s Quay container registry that scans containers for known vulnerabilities. The Quay Security Scanner features a new UI and has been rebuilt to use CoreOS’s new Clair 1.0 APIs. According to CoreOS, the new version gives development teams improved guidance on how to deal with vulnerabilities found in container images. The new version of Quay Security Scanner is designed to reduce the amount of time it takes to detect vulnerabilities in container registries.

The Clair 1.0 technology announced earlier this month is an API-driven analysis engine from CoreOS that can inspect containers for known security flaws. Analysis of containers in the Quay image repository performed by CoreOS found that a high percentage of the images contained known threats like Heartbleed, Shellshock and GHOST, highlighting the need for improved vulnerability analysis for containers.

CoreOS has revamped the database technology that constitutes the knowledge base of threats for the Quay Security Scanner. New database structures help developers track threat detection remediation workflows, and the scanner now uses a PostgreSQL feature known as recursive queries to reduce database communication overhead, thereby improving performance. According to CoreOS, security scanning times have been improved by 99.9 percent.

The new UI in CoreOS Quay Security Scanner features a new dashboard view of threat data found in a repository. A high-level summary view of results displays the total number of threats and the availability of patches, broken down by threat level. Drill-down functionality can take the user from a high-level summary of vulnerability data to detailed threat data. The threat severity is enumerated according to the Common Vulnerability Scoring System (CVSS), which includes details such as:

  • Access Vector
  • Access Complexity
  • Authentication
  • Confidentiality Impact
  • Integrity Impact

This data can help prioritize remediation efforts by identifying which threats pose the greatest risk to container-based infrastructures. In addition, a new package view maps vulnerabilities to the packages they affect.

CoreOS Quay Security Scanner is available now in the hosted version of Quay and will be made available in Quay Enterprise in the next release.