Application security company Veracode has announced that its Continuous Software Security Platform now supports container security.
According to Veracode, containers suffer from a lot of the same issues as traditional physical or virtual server hardware. This includes things like poorly managed secrets and security misconfigurations, both of which are addressed by Veracode’s solution.
Veracode also noted that another challenge companies may face is that a lot of existing container security tools are for security at runtime, which is past the development process. This new solution integrates into the CI/CD pipeline, which allows developers to remediate vulnerabilities before they make their way into production.
Results of security scans are available in a number of formats, such as text, JSON, and Software Bill of Materials. This makes it easy to integrate with other tools.
“As developers embrace cloud-native computing practices, containers have become increasingly important for business efficiency,” said Brian Roche, chief product officer at Veracode. “This launch helps close a substantial gap in the market for developer-friendly solutions that cover critical capabilities for container security. We are excited to bring this next enhancement of our platform to the market and empower customers to address security testing for more modern architectures and deployment styles.”
