Docker Container Security
Are Open Source Vulnerabilities Hidden in Your Containers?
Docker containers help development and DevOps teams increase agility and accelerate application delivery. Yet, with these benefits can come a loss of visibility and control for teams deploying and managing them. Containers bundle applications with a lot of software and files you may not know about or want in your production environment. As adoption continues to grow, so does the risk of potential open source vulnerabilities hidden inside them and the increasing need for Docker container security.
Docker Container Security Before You Deploy
Black Duck Hub gives you visibility into your open source, allowing you to identify, manage, and monitor security, license compliance, and code quality risks inside of your containers.
Hub’s intelligent scanning and open source identification is powered by the industry’s most comprehensive KnowledgeBase™ of over 1.5 million open source projects and enhanced known vulnerability mapping features that provide earlier notification and remediation guidance not found in the National Vulnerability Database. Hub enables secure and agile development through flexible policy management features and integrations with popular build/CI tools including Jenkins and TeamCity.
Black Duck Hub Enables You To:
- Scan & Identify Open Source – Inventory open source in all layers of your containers with insight into distribution sources and patch levels. By fully scanning your codebase, Hub finds open source that solutions based on manifest file parsing miss, including undeclared and modified components to improve container security.
- Map Known Vulnerabilities – Identify known vulnerabilities for the open source. Find out which ones are already patched and get remediation guidance for those that aren’t.
- Monitoring for New Vulnerabilities – Enhance security with early notification (an average of 3 weeks earlier than the National Vulnerability Database) of new vulnerabilities as they reported.
- Enforce Open Source Use Policies – Define exception-based policies that can be used for reporting and build/deployment process automation.