Run a vulnerability scanner on your container images within CI/CD pipelines

With the advent of the cloud and container orchestrators, containers have become commonplace. Docker is one of the most widely used container runtimes, and Docker images are everywhere. Because the technology is still relatively young, and with the increased focus on shift-left, container security is a hot topic.

Most enterprises focus on runtime container security. However, the container images themselves sometimes carry vulnerabilities introduced at build time that go undetected by the untrained eye.

Container images are built in layers, and most are built on third-party base images available on Docker Hub, so every vulnerable package in those base layers is inherited by your image. Even if your own code is secure and robust, you might end up deploying something to production that you should not have deployed, simply because the base image was vulnerable.

Sysadmins usually harden OS images in production so that your applications run securely. Still, because of shift-left in the container world, this step is often overlooked by developers, and we will not blame them: they know how to code well, and that is what they do. Security was traditionally SecOps's responsibility, and they are the experts who usually manage it.
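A build gate over Grype's JSON report, added here as an example and not code from the article or from the Grype project: it fails the pipeline stage when a finding is at or above a chosen severity, with an optional "only fail on fixable findings" mode and an ignore list (Grype's own `--fail-on` flag covers the plain severity threshold). The report fields read (`matches[].vulnerability.id/severity/fix.state`, `matches[].artifact.name/version`) are those of `grype <image> -o json`; the embedded sample is constructed and its CVE ids are placeholders.

```python
"""CI gate over a Grype JSON report (hypothetical helper, not part of Grype)."""
import json
import sys

SEVERITY_RANK = {"negligible": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
# Constructed sample in the shape of `grype <image> -o json`; only the fields the
# gate reads are included, and the CVE ids are placeholders, not real advisories.
SAMPLE_REPORT = json.dumps({"matches": [
    {"vulnerability": {"id": "CVE-0000-0001", "severity": "Critical",
                       "fix": {"versions": ["1.1.1k"], "state": "fixed"}},
     "artifact": {"name": "openssl", "version": "1.1.1g", "type": "deb"}},
    {"vulnerability": {"id": "CVE-0000-0002", "severity": "High",
                       "fix": {"versions": [], "state": "not-fixed"}},
     "artifact": {"name": "libc6", "version": "2.31", "type": "deb"}},
    {"vulnerability": {"id": "CVE-0000-0003", "severity": "Low",
                       "fix": {"versions": [], "state": "unknown"}},
     "artifact": {"name": "bash", "version": "5.0", "type": "deb"}},
]})

def evaluate(report_json, fail_on="high", only_fixed=False, ignore=()):
    """Split a Grype report into (blocking, advisory) findings: blocking = severity
    >= fail_on, id not in ignore, and (if only_fixed) a fixed version exists."""
    threshold = SEVERITY_RANK[fail_on.lower()]
    blocking, advisory = [], []
    for match in json.loads(report_json).get("matches", []):
        vuln, art = match["vulnerability"], match["artifact"]
        finding = {"id": vuln["id"],
                   "severity": vuln.get("severity", "Unknown"),
                   "package": f'{art["name"]}@{art["version"]}',
                   "fix_state": vuln.get("fix", {}).get("state", "unknown")}
        rank = SEVERITY_RANK.get(finding["severity"].lower(), -1)  # Unknown -> -1
        blocks = (rank >= threshold and finding["id"] not in ignore
                  and (not only_fixed or finding["fix_state"] == "fixed"))
        (blocking if blocks else advisory).append(finding)
    return blocking, advisory

def main(argv):
    # Usage in CI: grype myimage:tag -o json > report.json && python gate.py report.json
    report = open(argv[1]).read() if len(argv) > 1 else SAMPLE_REPORT
    blocking, advisory = evaluate(report, fail_on="high")
    for f in blocking:
        print(f'BLOCK {f["severity"]:<8} {f["id"]} in {f["package"]} ({f["fix_state"]})')
    print(f"{len(blocking)} blocking, {len(advisory)} advisory finding(s)")
    return 1 if blocking else 0  # non-zero exit code fails the pipeline stage

if __name__ == "__main__":
    sys.exit(main(sys.argv))
```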


Docker Container Security With Anchore Grype