Docker Container Security
Are Open Source Vulnerabilities Hidden in Your Containers?
Docker containers help development and DevOps teams increase agility and accelerate application delivery. Yet, with these benefits can come a loss of visibility and control for teams deploying and managing them. Containers bundle applications with a lot of software and files you may not know about or want in your production environment. As adoption grows, so does the security risk of potential open source vulnerabilities hidden inside them and the need for Docker container security.
Docker Container Security Before You Deploy
Black Duck Hub gives you visibility into the open source, allowing you to identify, manage, and monitor container security, license- compliance, and code quality risks.
Hub’s intelligent scanning and open source identification is powered by the industry’s most comprehensive KnowledgeBase™ of over 1.5 million open source projects and enhanced known vulnerability-mapping features that provide earlier notification and remediation guidance not found in NVD. Hub enables secure and agile development through flexible policy management features and integrations with popular build/CI tools including Jenkins and TeamCity.
Black Duck Hub's Docker security services:
- Scan & Identify Open Source – Inventory open source in all layers of Docker containers with insight into distribution sources and patch levels. By fully scanning your codebase, Hub finds open source that solutions based on manifest file parsing miss, including undeclared and modified components to improve Docker security.
- Map Known Vulnerabilities – Identify known vulnerabilities for the open source in your containers. Find out which ones are already patched and get remediation guidance for those that aren’t.
- Monitoring for New Vulnerabilities – Enhance Docker security with early notification (an average of 3 weeks earlier than NVD) of new vulnerabilities as they reported.
- Enforce Open Source Use Policies – Define exception-based policies that can be used for reporting and build/deployment process automation.