Next Level Container Vulnerability Management with OpsSight

Open Source Container Vulnerability Management with OpsSight

With the rise of container orchestration platforms, we’ve seen IT operations teams deploying and running hundreds or even thousands of containers at any given time. This rapid deployment surfaces challenges in validating the contents and security of container images being deployed.

Last year we built a Docker scanning solution into our core product, Black Duck Hub, enabling developers building containerized applications to inventory open source and evaluate related risks prior to pushing them into production. At the rate of deployment today, however, we know that any solution that can only scan one image at a time simply won’t scale to this new reality. While we help developers address application and container security earlier in the SDLC, we also want to provide operations teams with a security solution that can scale with their deployments.

Introducing Black Duck OpsSight

Today, we are happy to announce the launch of our new product, Black Duck OpsSight, a solution that brings open source visibility and control to operations teams managing large-scale container deployments. The first supported platform for OpsSight is the Red Hat OpenShift Container Platform. Black Duck OpsSight for OpenShift automatically scans every image in an OpenShift cluster to inventory open source components and associated security vulnerabilities or license compliance risks. By automating scans for all images as they are pushed into production and any time they are altered, monitoring those images for newly reported vulnerabilities, and annotating them with available metadata, OpsSight provides the first proactive and scalable security solution for container deployments in three ways:

  • It automates scans for all images as they are pushed into production and any time they are altered.
  • It annotates the images with metadata around open source use, allowing you to flag images that violate policies and prevent them from deploying to production.
  • And it continuously monitors for newly reported open source security vulnerabilities, providing alerts so teams can find and fix vulnerabilities before hackers can exploit them.

A Proactive and Scalable Approach to Container Security

Some solutions in the market provide runtime security for containers, which is an important measure to take, but it is a reactive approach to security. These tools monitor running containers to determine whether any breaches have been attempted. OpsSight takes a proactive approach by finding vulnerabilities in the base image, allowing operations teams to fix problems before they even make it to production. When new vulnerabilities are reported, OpsSight alerts teams automatically if images in their registry are affected, so they can fix them before hackers attempt an exploit.

Other solutions scan single images, but that approach just isn’t scalable for modern deployments. Containers are lightweight and easy to configure, allowing IT organizations to deploy and run more applications faster and more reliably. Scanning a single image creates an unmanageable bottleneck in the deployment process. OpsSight scans every image, automatically, regardless of source.

Putting Security at the Center of DevOps

OpsSight is the next phase of Black Duck’s efforts to put open source security at the center of DevOps by helping operations and infrastructure teams manage open source efficiently and at scale. The OpsSight solution for production environments complements the Black Duck Hub solution, which enables open source security throughout the development toolchain, from IDEs to CI/CD tools to repositories. Together, they provide comprehensive open source security from Dev to Ops.

You can learn more about Black Duck OpsSight and container security at scale at www.blackducksoftware.com/products/opssight.
