The opt-in service for Docker Cloud repos also helps with compliance
Docker has released a container scanner, a service that checks for security risks and also helps to streamline software compliance issues. Docker Security Scanning is an opt-in service for Docker Cloud private repository plans.
The scanner works across any application and for all major Linux distributions that support integration into a Containers as a Service (CaaS) workflow. Docker said the scanning and vulnerability detection allows granular auditing of images. The results are presented in a Bill of Materials containing the details of the image layers and components, along with and the security profile of each component.
The new facility offers independent software vendors and app teams the ability to ensure the containers meet their security policies. Any vulnerabilities found can be fixed to ensure customers are not exposed to unnecessary risk.
Docker Security Scanner
HomeByMe-3DVIA has been using the product when it was under development as Project Nautilus. The company’s senior manager of cloud services Valentin Chartier said, “This tool is very effective for reviewing our components and for building a security profile for the images within our scanned private repositories. The process is seamless. Our images are scanned from our private repo, hosted within Docker Hub, without having to make any changes to our existing process. Since the tool operates on a binary level, we can trust that all the installed components are scanned.”
Security Scanning also automates cumbersome aspects of software compliance maintenance. Currently, IT managers usually have to manually monitor ISVs’ entries in the Common Vulnerability and Exposures (CVE) databases for any compliance issues. Security Scanning automatically notifies the organization when any component within the images is changed in the CVE.
Docker said that the ability to market containers with up-to-date security reports and thorough details of what is inside the container image will allow ISVs to offer a better service to their customers.
Docker Security Scanning is available to users of Docker Cloud with a private repo plan. This will be expanded to include all Docker Cloud repo users by the end of Q3 Docker Security Scanning will also be available as an integrated feature in Docker Datacenter during the second half of 2016.