Black Duck, a global leader in automated solutions for securing and managing open source software, today announced the addition of comprehensive container scanning capabilities to its Hub software. DevOps teams will be able to map open source security vulnerabilities for applications, Linux distributions and other software in Docker and other Linux containers.
By deploying a containerized scanner on their Docker host, users can automatically identify the known open source security vulnerabilities in all layers of any container on that host, the company said.
The rapid growth in container use has created new challenges for the DevOps teams responsible for ensuring the security and reliability of applications they deploy. Because containers come from many sources and often bundle custom applications with other software and operating system files, it is difficult to detect known open source vulnerabilities and keep them from entering the operating environment.
Black Duck Hub increases DevOps’ visibility into a container’s contents by fully inventorying its open source software and identifying all known open source vulnerabilities. This ensures that only containers meeting the organization’s security criteria are deployed.
Mike Pittenger, Black Duck Vice President, called Hub’s container scanning capabilities “a breakthrough that eliminates a significant barrier to enterprise adoption of a game-changing technology. Enterprise DevOps groups are eager to take advantage of the cost savings and agility that containers provide, but they have been cautious to adopt them because of security concerns.”
In October, Black Duck and open source leader Red Hat announced a collaboration to establish a more secure model for containerized application delivery. At the time, both companies noted that security concerns were major barriers to container technology adoption and sought to address them jointly to spur ongoing container adoption.
“This is a step forward in achieving the goal we announced with Red Hat,” Pittenger said.
“The potential of containers is significant, but we believe it can only be fully realized in the enterprise if container security – understanding what’s inside the container, and the ability to detect and address vulnerabilities – is addressed,” said Mike Werner, senior director, Global Technology Ecosystems, Red Hat. “Our ongoing work with Black Duck aims to help customers address that challenge.”