A Brief Introduction To Containers Continuous Vulnerability Scanning
Posted By : Tarun Singhal | 30-May-2018
Continuous vulnerability scanning
This post aims to bring you one step closer to container security.
One open-source project that has emerged in this space is Clair. The Clair GitHub page
describes it as an open source project for the static analysis of vulnerabilities in
apps and Docker containers.
Clair scans your code against the Common Vulnerabilities and Exposures (CVE) list. It can be
integrated into your CI/CD pipeline and run in response to new builds. If vulnerabilities
are found, they can be fed back into the pipeline to stop deployment and fail the build.
This forces developers to be aware of vulnerabilities, and to remediate them, during their
normal release process.
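As an added example (not code from the original post or from the Clair project), here is a small Python build gate that applies that feedback: it reads a vulnerability report assumed to be shaped like Clair's v1 layer response, ranks each finding by severity, and decides whether the build should fail. The sample report, its CVE names and the severity vocabulary are constructed assumptions.

```python
"""Build gate for a Clair-style vulnerability report.

Added example, not code from the original post or the Clair project.
Assumes a report shaped like Clair's v1 layer response
({"Layer": {"Features": [{"Vulnerabilities": [...]}]}}); the sample
below is constructed for illustration only.
"""
import json

# Severity vocabulary ordered least to most severe (assumed Clair-like).
SEVERITY_ORDER = ["Unknown", "Negligible", "Low", "Medium", "High", "Critical", "Defcon1"]
RANK = {name: i for i, name in enumerate(SEVERITY_ORDER)}

# Constructed sample report: two packages, three findings, placeholder CVE ids.
SAMPLE_REPORT = json.dumps({"Layer": {
    "Name": "sha256:constructed-layer-digest",
    "Features": [
        {"Name": "openssl", "Version": "1.1.0f-3", "Vulnerabilities": [
            {"Name": "CVE-EXAMPLE-0001", "Severity": "High", "FixedBy": "1.1.0f-4"},
            {"Name": "CVE-EXAMPLE-0002", "Severity": "Low"}]},
        {"Name": "bash", "Version": "4.4-5", "Vulnerabilities": [
            {"Name": "CVE-EXAMPLE-0003", "Severity": "Medium", "FixedBy": "4.4-6"}]},
    ]}})


def findings(report_json):
    """Flatten the report into (package, version, cve, severity, fixed_by) tuples."""
    layer = json.loads(report_json)["Layer"]
    out = []
    for feat in layer.get("Features", []):
        for vuln in feat.get("Vulnerabilities", []):
            out.append((feat["Name"], feat["Version"], vuln["Name"],
                        vuln.get("Severity", "Unknown"), vuln.get("FixedBy", "")))
    return out


def gate(report_json, threshold="High", fixable_only=False):
    """Return (should_fail, blocking_findings).

    The build fails when any finding is at least `threshold` severe; with
    fixable_only=True only findings that carry a FixedBy version block, so
    CVEs with no available fix are still listed but do not stop the build.
    """
    min_rank = RANK[threshold]
    blocking = [f for f in findings(report_json)
                if RANK.get(f[3], 0) >= min_rank and (not fixable_only or f[4])]
    return bool(blocking), blocking


if __name__ == "__main__":
    fail, hits = gate(SAMPLE_REPORT, threshold="High")
    for pkg, ver, cve, sev, fix in hits:
        print(f"{sev:8} {cve} in {pkg} {ver} (fix: {fix or 'none'})")
    raise SystemExit(1 if fail else 0)  # non-zero exit fails the CI job
```

In a pipeline the report would come from the scanner rather than the embedded sample, and the non-zero exit status is what turns a finding into a failed build.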
Clair can be integrated with a number of container image repositories and CI/CD pipelines.
Clair is also used as the scanning mechanism in CoreOS’s Quay image repository. Quay
offers a number of enterprise features including continuous vulnerability scanning:
https://quay.io/
Both Docker Hub and Docker Cloud support security scanning. Again, containers that are
pushed to the repository are automatically scanned against CVEs and notifications of
vulnerabilities are sent as a result of any findings. Additionally, binary analysis of the code
is performed to match the signature of the components with that of known versions.
There are a variety of other tools that can be used to scan your image repositories as well, including OpenSCAP, Twistlock and AquaSec.
Clair is a great tool whose main aim is to provide more transparency into the security of container-based infrastructure. The name Clair comes from the French word meaning clear, bright or transparent.
About Author
Tarun Singhal
Tarun is a RedHat Certified System Administrator. He is very keen to learn new technologies and has a good command of tools such as Ansible and Gitlab-CI.