Black Duck announced the release of its OpsSight automatic open source vulnerability detection solution for containers at its Flight 2017 conference in Boston today.
According to the company’s CEO Lou Shipley, OpsSight is Black Duck’s first product that targets the production phase of the software lifecycle.
“Container technology is revolutionizing the way organizations package, deploy, and manage applications,” Shipley said. “Increasingly IT operations teams depend on container orchestration platforms to manage large scale container deployments. However, as the number of containers grows, so does the complexity of validating the contents and securing container images in production. OpsSight allows operations team to be sure deployments are free from known open source security vulnerabilities because it provides full visibility into and control over the open source in the container images.”
OpsSight features automated scanning and inventorying of open source components in container images, identifies and highlights images that contain known security vulnerabilities, flags containers that violate open source security policies and provides automated alerts into newly discovered vulnerabilities.
Going forward, OpsSight will be optimized to work with a variety of container orchestration platforms. With today’s release, the solution is optimized to work with Red Hat’s enterprise-grade solution OpenShift Container Platform, as well as Docker and Kubernetes.
“As organizations undergo digital transformation, they are increasingly turning to container technologies to help deploy flexible, cloud-native applications,” said Julio Tapia, director of the OpenShift ecosystem at Red Hat. “The addition of Black Duck OpsSight helps to provide a scalable container security scanning solution to the enterprise container stack, enabling organizations to accelerate along the path to innovation.”