The growth of container usage has created new challenges for DevOps teams, which is why Black Duck Software announced today that it will be adding container-scanning capabilities to its Hub software.
This addition will help DevOps teams map open-source security vulnerabilities for applications. It will also allow them to map Linux distributions and other software in Docker and other Linux containers.
As operations and DevOps teams identify container images that are used to support applications, they now can automate identification and verification of open-source component versions, and development teams can get early warnings in the build process if there is a vulnerability or out-of-date version, according to Black Duck’s blog.
By deploying a containerized scanner on their Docker hosts, users can identify the open-source security vulnerabilities in all layers of any container on that host, the company said. Since containers come from different sources, it’s difficult to detect open-source vulnerabilities and keep them from entering the operating environment.
Red Hat, an open-source company, recently collaborated with Black Duck to secure a model for containerized application delivery. During that collaboration, both companies agreed that security concerns for containers need to be addressed.
“The potential of containers is significant, but we believe it can only be fully realized in the enterprise if container security—understanding what’s inside the container, and the ability to detect and address vulnerabilities—is addressed,” said Mike Werner, senior director of Global Technology Ecosystems at Red Hat.