Black Duck, the global leader in automated solutions for securing and managing open source, today announced the integration of its Hub solution with Red Hat OpenShift Container Platform, the industry’s most comprehensive enterprise Kubernetes platform for traditional and cloud-native applications.
The Hub integration allows Red Hat OpenShift Container Platform users to automatically inventory all the open source components in a container image, identify known open source vulnerabilities and license-compliance obligations, and continuously monitor the inventory for new open source vulnerability disclosures.
“Innovative container technology is a breakthrough for development speed and agility, but persistent concerns about security have been barriers to container adoption in the enterprise,” said Black Duck CEO Lou Shipley.
“Integrating Hub with the Red Hat OpenShift Container Platform helps allay those security concerns. Open source components comprise 80% to 90% of the software in containers, and having Hub’s automated visibility into the open source components in containers, as well as any associated security and license risks, will increase confidence levels,” said Shipley.
Black Duck is previewing the integration at this week’s Red Hat Summit, which opened today in the Boston Convention and Exhibition Center. Black Duck said it expects the integration will be generally available next month.
“The push towards digital transformation requires that many organizations evolve into software companies, with this software frequently taking the form of cloud-native, containerized applications. Red Hat OpenShift Container Platform delivers the industry’s most comprehensive Kubernetes-based platform to build and deploy these innovations, while our integration with Black Duck Hub enables enterprises to bring to bear one of the most powerful Linux container scanners on the market today, pairing open innovation with greater container security,” said Ashesh Badani, vice president and general manager, OpenShift, Red Hat.
Black Duck said that implementing a container security strategy requires an understanding of the risks inherent in building, deploying and scaling containerized solutions. Defining open source risk-management policies from the development phase through deployment is vital in preventing open source security, licensing, and operational issues from becoming deployment problems.
Black Duck said its Red Hat OpenShift Container Platform integration is designed to include comprehensive container inspection on both the operating system and open source components in the early phases of container construction to deliver greater security, licensing, and operational risk visibility.
Additionally, continuous scanning and monitoring of open source in the containerized applications delivered across the container application platform can enable a proactive response to open source vulnerability disclosures.
Regardless of image source, build model or deployment state, scanned images provide a clear view of the risk state for the Red Hat OpenShift Container Platform cluster.