Black Duck Brings Open Source Vulnerability Detection to Kubernetes

Black Duck Brings Open Source Vulnerability Detection to Kubernetes

This week we released a new version of Black Duck OpsSight, a solution for vulnerability detection and alerting in production environments. When we introduced Black Duck OpsSight for OpenShift in November, we made it possible for customers who use Black Duck Hub as an integral part of their SDLC security process to also monitor the open source security of their application deployment environments.

This newest release shares that security solution with customers who are running the Kubernetes as their container orchestration platform. 

Introducing OpsSight for Kubernetes

Black Duck Hub’s integrations with development tools helps companies shift their open source vulnerability scanning “left” in the development process. OpsSight helps them shift “right” to scan and monitor for newly discovered vulnerabilities in their production environments. In addition, with the advent of microservices and container repositories, companies are now including binaries in their applications – binaries for which they have no source code. OpsSight enables them to scan those containers prior to deployment and monitor them in production as well.

By scanning and continually monitoring containers in runtime environments, both IT operations teams and developers gain visibility into the specific vulnerability risks. IT also gains a tool showing them how widespread their open source risk is across the entire running application portfolio.

Black Duck OpsSight for Kubernetes

We see a lot of enterprises adopting OpenShift because Red Hat has assembled and packaged the ecosystem of tools needed to efficiently run a Kubernetes-based container orchestration platform. With version 1.0.2, OpsSight now supports companies building on the open source version of Kubernetes, and it allows us to broaden our portfolio of platforms to support other vendors such as Google and Amazon, who are adopting Kubernetes as an option in their orchestration platforms. 

8 Takeaways from NIST’s Application Container Security Guide

Sorry we missed you! We close comments for older posts, but we still want to hear from you. Tweet @black_duck_sw to continue the discussion.


3 Ways OpsSight Extends Open Source Security to Production

| Nov 9, 2017

Black Duck just announced the launch of a new product, Black Duck OpsSight. OpsSight enables IT operations organizations to scan containers being created, updated or deployed through their container orchestration platforms. The first implementation of OpsSight is for Red Hat OpenShift, but we've

| MORE >

Black Duck & Google Grafeas: Improving Container Visibility & Security

| Oct 12, 2017

This post was co-authored by Neal Goldman | Senior Product Manager Containers offer many advantages over monolithic applications, packaged as VMs. Most importantly, a container image is immutable, easily built and deployed without reliance on permanent infrastructure. Nevertheless, containers are

| MORE >