Docker Releases New Tool to Scan Containers for Vulnerabilities
Docker, a popular container technology provider, announced today the release of its new security scanning product: Docker Security Scanning. The service will allow analysis of docker application images that are hosted on the Docker Hub image repository.
Docker is an open-source project that designs products which allow users to package an application with all of its dependencies into a standardized unit for software development.
Docker containers ‘wrap up’ a piece of software in a complete filesystem that contains everything it needs to run, like code, runtime, system tools, system libraries, and else you can install on a server. This architecture guarantees that software will always run regardless of the environment it is running in. The Docker Security Scanning product addresses the growing need for detection of components which reside within an image that may be vulnerable to exploits. By eliminating these risks, Docker asserts that businesses will be able to develop and deply apps for developers, faster.
Docker describes the new security application: “Docker Security Scanning is available as an add-on to Docker Cloud private repositories. The feature is free for private repository subscribers until August 1st, 2016, and you can opt-in to begin using the service from the Plan page in Docker Cloud. During the free period, Docker Cloud scans the three most recently updated tags in each of your private repositories. You can push an update to an older tag to trigger a scan. The scan runs on each new image push, and updates the scan results when new information comes in from the CVE databases.”
Widget not in any sidebars