 |
VOOZH | about |
|
VOOZH | about |
We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.
Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.
Follow TNS on your favorite social media networks.
Become a TNS follower on LinkedIn.
Check out the latest featured and trending stories while you wait for your first TNS newsletter.
Snyk sponsored this post.
Containers are the norm today for the development and deployment of both new and old applications. What isn’t always the norm though is built-in security for container developers.
There are many variables that organizations need to be aware of when it comes to container image security. It’s critical to understand what’s in the image, how it was created and who created it.
It’s important to scan containers for potential risks, but it’s even more important that developers understand what they can and should do with the results of a scan when it shows hundreds of vulnerabilities. The challenge of making container image security actionable and efficient for developers is one that requires people, process and technology.
Snyk research shows that 54% of developers currently do not test their container images during development.
In an effort to help organizations with all of these issues, Docker and Snyk have compiled insights and best practices into how organizations can improve container image security, in a new free guide titled, “Guide to Container Security for Development Teams.”
Snyk research shows that 54% of developers currently do not test their container images during development. There are a lot of different reasons why that’s the case, but the most obvious is that security testing during development hasn’t always been as easy as it should be. Thanks to a partnership between container pioneer Docker and Snyk, container security scanning can now be an integrated part of the development process.
The idea of scanning a container for potential vulnerabilities is not new, but on its own, is not enough either. Merely providing developers with a long list of detected vulnerabilities is not adequate for fixing issues inside containers. What is needed is an integrated process that can help reduce risks before a container is deployed.
Having security as part of an integrated container development process can help to accelerate overall development, reducing time that might be needed otherwise to fix issues after a container has been built. When container security is built into the development process, developers are able to ship faster and lighten the burden of monitoring in production.
Scanning a container image after it has been built should not be the first security step for reducing potential risks. Scanning can and should be part of a larger process that is integrated into the development pipeline. There are three key steps that developers should consider when creating a secure container image.
At a high-level those steps are:
Within each of the three high-level steps for creating a secure container image there is the potential for vulnerabilities to exist. Vulnerabilities can (and often are) to be found in dependencies, as well as even minimal base images, across layers and in container configuration. Scanning for risks at each stage, not just at the end, is critical to achieving a more secure outcome.
There is a lot of nuance and detail into how each of the three high-level steps can be implemented that a short article can’t address. In an effort to help development teams, the new Docker and Snyk eGuide provides actionable information to help developers figure out what to fix, how to fix it in the context of a container image and Dockerfile, and where to focus efforts.
Improving container security is not a single step, nor does it require even a single tool. It’s an ongoing, multistep process that Docker and Snyk have detailed with best practices for implementation in the new free resource.
Feature image via Pixabay.
