SAN FRANCISCO, CA: Docker, an open source platform for developers and system administrators to build, ship and run distributed applications, announces a security scanning feature that provides a security assessment of the software included in container images.
Previously known as Project Nautilus, Docker Security Scanning enables detailed image security profiles, continuous vulnerability monitoring and notifications for integrated content security across the entire software supply chain.
Docker Security Scanning performs binary-level scanning. A scan starts when a user pushes an image to a repository in Docker Cloud. The scanner service takes the image and separates it into its layers and their components; the components are then sent to a validation service that checks them against multiple CVE databases by package name and version.
Docker image scanning and vulnerability detection provides a container-optimized capability for granular auditing of images. The results are presented in a Bill of Materials (BOM) listing the image layers and their components, together with the security profile of each component. This allows ISVs (Independent Software Vendors) and application teams to make informed decisions about that content based on their own security policies. With this information, ISVs can actively fix vulnerabilities to maintain a high-quality security profile for their content, which they can then transparently expose to their end users.
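To make the pipeline described above concrete (layers, then components, then a name/version check against a vulnerability feed, reported as a per-layer BOM), here is a small added example in Python. It is not Docker's scanner code and does not call Docker Cloud; the layer contents and the vulnerability records are constructed sample data with placeholder identifiers, and the "vulnerable if version < fixed_in" rule is an assumed simplification of how a real feed expresses affected ranges.

```python
"""Toy image scan: layers -> components -> name/version CVE lookup -> BOM.

Added illustration only; not Docker Security Scanning's implementation.
All data below is constructed for the example and the CVE ids are placeholders.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample: each layer lists the (package, version) pairs found in it.
# A real scanner derives this from the pushed image's layer filesystems.
SAMPLE_LAYERS = [
    {"digest": "sha256:layer0-constructed",
     "packages": [("openssl", "1.0.1e"), ("zlib", "1.2.8")]},
    {"digest": "sha256:layer1-constructed",
     "packages": [("openssl", "1.0.2h"), ("curl", "7.38.0")]},
]

# Constructed vulnerability records (placeholder ids, not real CVE entries).
SAMPLE_CVE_DB = [
    {"id": "CVE-EXAMPLE-0001", "package": "openssl", "fixed_in": "1.0.1g"},
    {"id": "CVE-EXAMPLE-0002", "package": "curl", "fixed_in": "7.39.0"},
]


def version_key(version: str) -> Tuple:
    """Split '1.0.1e' into comparable chunks: numbers compare numerically,
    letter runs compare lexically, so '1.0.1e' < '1.0.1g' < '1.0.2h'.
    Plain string comparison would get '1.0.10' < '1.0.9' wrong."""
    return tuple((0, int(p)) if p.isdigit() else (1, p)
                 for p in re.findall(r"\d+|[A-Za-z]+", version))


def is_affected(version: str, fixed_in: str) -> bool:
    """Assumed range rule for this example: vulnerable iff version < fixed_in."""
    return version_key(version) < version_key(fixed_in)


def index_cves(cve_db: List[Dict]) -> Dict[str, List[Dict]]:
    """Group vulnerability records by package name for O(1) lookup per component."""
    idx: Dict[str, List[Dict]] = {}
    for rec in cve_db:
        idx.setdefault(rec["package"], []).append(rec)
    return idx


def scan_layers(layers: List[Dict], cve_db: List[Dict]) -> List[Dict]:
    """Per-layer BOM: every component carries the ids of the records it matches."""
    idx = index_cves(cve_db)
    bom = []
    for layer in layers:
        comps = []
        for name, ver in layer["packages"]:
            hits = [r["id"] for r in idx.get(name, [])
                    if is_affected(ver, r["fixed_in"])]
            comps.append({"name": name, "version": ver, "cves": hits})
        bom.append({"layer": layer["digest"], "components": comps})
    return bom


def effective_components(layers: List[Dict]) -> Dict[str, str]:
    """Final filesystem view: a later layer's package version overrides an
    earlier one (union-filesystem semantics), e.g. an upgrade in a later layer."""
    eff: Dict[str, str] = {}
    for layer in layers:
        for name, ver in layer["packages"]:
            eff[name] = ver
    return eff


def scan_image(layers: List[Dict], cve_db: List[Dict]) -> Tuple[List[Dict], List[str]]:
    """Return the per-layer BOM and the sorted ids still present in the final image.
    A finding in a lower layer that a higher layer has patched shows up in the
    BOM but not in the second list."""
    idx = index_cves(cve_db)
    remaining = sorted(
        r["id"]
        for name, ver in effective_components(layers).items()
        for r in idx.get(name, [])
        if is_affected(ver, r["fixed_in"])
    )
    return scan_layers(layers, cve_db), remaining


if __name__ == "__main__":
    bom, remaining = scan_image(SAMPLE_LAYERS, SAMPLE_CVE_DB)
    for entry in bom:
        print(entry["layer"])
        for c in entry["components"]:
            print(f"  {c['name']} {c['version']}: {c['cves'] or 'clean'}")
    print("still affected in final image:", remaining)
```

Two caveats a practitioner should keep in mind when reading such a BOM. First, the union-filesystem point above: a hit on a lower layer is real history in the image but may already be fixed by a later layer, so the per-layer view and the effective view answer different questions. Second, matching on package name and version alone is only as good as the version metadata: distributions that backport fixes without bumping the upstream version, and binaries compiled in without a package manager entry, can both produce false positives or misses, which is why binary-level inspection matters.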
New features of the security scanning platform include secure content, deep visibility through binary-level scanning, proactive risk management and supply chain security.
Docker Security Scanning will be available as a free trial for a limited period of three months, during which Docker Cloud users will be able to scan their private repositories for vulnerable image components.