Black Duck OpsSight: Extending Open Source Security to Production

Black Duck just announced the launch of a new product, Black Duck OpsSight. OpsSight enables IT operations organizations to scan containers being created, updated or deployed through their container orchestration platforms. The first implementation of OpsSight is for Red Hat OpenShift, but we've planned versions of the product for Kubernetes and Docker Swarm.

With OpsSight, Black Duck extends its coverage of open source security vulnerability detection to another area of the software development lifecycle. We have great integrations with development tools, making vulnerability and compliance scanning easy for developers. Now we’re making it easier for operations and production teams to do the same scanning and monitoring for security vulnerabilities themselves.

Introducing Black Duck OpsSight, A Proactive and Scalable Approach to Container Security

Because security is only as good as the weakest link, OpsSight helps strengthen overall security. Here are three critical security points:

1. Open Source Security and Control for Production

For companies that aren't running a solution like Black Duck Hub in their development organizations, OpsSight lets the production team ensure that images being provided to them by development are free from open source security vulnerabilities prior to deployment in production.

2. Container Creation and Validation

We’re seeing more companies that split container creation into two pieces. Operations creates the base container images with the general set of packages needed by the development teams, while Development adds unique application code. This gives the Ops teams consistency and predictability of the operating system and core packages, which reduces variability and makes everything easier to control and maintain. OpsSight allows these Operations teams to validate the security of the base container images prior to handing them to Development.

3. Maintaining Containerized Applications

The third and most important scenario relates to containers of long-running applications that don’t receive regular development updates. Once a container is scanned, OpsSight continually monitors Black Duck’s vulnerability database to see if any new vulnerabilities have been discovered that affect components in that container. If a new vulnerability has been discovered, OpsSight raises an alert for it. With this feature, the Operations team can alert the development team that a container that hasn’t been updated in a while needs to be rebuilt with updated, secure packages. Imagine the difference to Equifax if the production operations team had been alerted that their production systems were vulnerable.
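The continuous-monitoring idea described above (keep the component inventory from a one-time scan, re-match it every time the vulnerability feed changes, and alert only on matches that are new) can be shown in a few dozen lines. The following is an added example written for this post; it is not OpsSight or Black Duck Hub code and does not use their APIs. The container name, package versions and `EXAMPLE-000x` advisory identifiers are constructed placeholders, and version comparison is simplified to numeric dotted versions with a single "fixed in" boundary.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple


@dataclass(frozen=True)
class Component:
    """One package found by a container scan (constructed sample data below)."""
    name: str
    version: str


@dataclass(frozen=True)
class Advisory:
    """One entry from a vulnerability feed. vuln_id values here are placeholders, not real CVEs."""
    vuln_id: str
    component: str   # affected package name
    fixed_in: str    # first version that is no longer affected


Alert = Tuple[str, str, str]   # (container_id, component name, vuln_id)


def parse_version(v: str) -> Tuple[int, ...]:
    """Dotted numeric version -> comparable tuple. Assumption: parts are plain integers."""
    return tuple(int(part) for part in v.split("."))


def is_affected(comp: Component, adv: Advisory) -> bool:
    """Affected when it is the named package and older than the fixed version."""
    return comp.name == adv.component and parse_version(comp.version) < parse_version(adv.fixed_in)


class ContinuousMonitor:
    """Stores scan inventories and re-matches them whenever the feed is updated."""

    def __init__(self) -> None:
        self.inventories: Dict[str, List[Component]] = {}
        self.advisories: Dict[str, Advisory] = {}
        self.alerted: Set[Alert] = set()   # suppresses duplicate alerts across feed updates

    def register_scan(self, container_id: str, components: List[Component]) -> List[Alert]:
        """Record a scan result and match it against advisories already known."""
        self.inventories[container_id] = list(components)
        return self._match(container_id)

    def update_feed(self, new_advisories: List[Advisory]) -> List[Alert]:
        """Merge feed entries, then return only alerts not raised before (the 'new vulnerability' case)."""
        for adv in new_advisories:
            self.advisories[adv.vuln_id] = adv
        alerts: List[Alert] = []
        for container_id in self.inventories:
            alerts.extend(self._match(container_id))
        return alerts

    def _match(self, container_id: str) -> List[Alert]:
        new_alerts: List[Alert] = []
        for comp in self.inventories[container_id]:
            for adv in self.advisories.values():
                if is_affected(comp, adv):
                    key: Alert = (container_id, comp.name, adv.vuln_id)
                    if key not in self.alerted:
                        self.alerted.add(key)
                        new_alerts.append(key)
        return new_alerts


if __name__ == "__main__":
    # Constructed walk-through: one long-running container, scanned once, feed updated twice.
    monitor = ContinuousMonitor()
    scanned = [Component("openssl", "1.0.1"), Component("libxml2", "2.9.4")]
    print("at scan time:", monitor.register_scan("billing-api", scanned))
    print("feed update 1:", monitor.update_feed([Advisory("EXAMPLE-0001", "openssl", "1.0.2")]))
    print("feed update 2:", monitor.update_feed([
        Advisory("EXAMPLE-0002", "libxml2", "2.9.5"),
        Advisory("EXAMPLE-0003", "zlib", "1.2.12"),   # not in the inventory: no alert
    ]))
```

The point of the `alerted` set is that a feed is replayed many times, so a monitor that simply reports every match would page the operations team about the same finding on every poll; only the delta since the last run is what should trigger the "rebuild this container" conversation with development.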

With OpsSight, Black Duck is extending its product coverage to a whole new set of people inside our customer organizations. By running vulnerability detection both at development time and continually throughout production deployment, customers dramatically increase the likelihood of finding and responding to a newly discovered vulnerability quickly and efficiently. 

