
Black Duck scans containers for security

Focus on Docker analysis: New to containers but not to open source, Black Duck announced the ability to scan open source container applications to identify known open source vulnerabilities. Black Duck’s Hub software helps security, development and DevOps teams find and fix open source risks in applications and containers.

Source: Black Duck Software

Addresses major challenge inhibiting enterprise adoption of container technology

BURLINGTON, Mass. – Black Duck, a global leader in automated solutions for securing and managing open source software, today announced the addition of comprehensive container scanning capabilities to its Hub software. DevOps teams will be able to map open source security vulnerabilities for applications, Linux distributions and other software in Docker and other Linux containers.

By deploying a containerized scanner on their Docker host, users can automatically identify the known open source security vulnerabilities in all layers of any container on that host, the company said.

The rapid growth in container use has created new challenges for the DevOps teams responsible for ensuring the security and reliability of applications they deploy. Because containers come from many sources and often bundle custom applications with other software and operating system files, it is difficult to detect known open source vulnerabilities and keep them from entering the operating environment.

Black Duck Hub increases DevOps’ visibility into a container’s contents by fully inventorying its open source software and identifying all known open source vulnerabilities. This ensures that only containers meeting the organization’s security criteria are deployed.

Mike Pittenger, Black Duck Vice President, called Hub’s container scanning capabilities “a breakthrough that eliminates a significant barrier to enterprise adoption of a game-changing technology. Enterprise DevOps groups are eager to take advantage of the cost savings and agility that containers provide, but they have been cautious to adopt them because of security concerns.”

In October, Black Duck and open source leader Red Hat announced a collaboration to establish a more secure model for containerized application delivery. At the time, both companies noted that security concerns were major barriers to container technology adoption and sought to address them jointly to spur ongoing container adoption.

“This is a step forward in achieving the goal we announced with Red Hat,” Pittenger said.

“The potential of containers is significant, but we believe it can only be fully realized in the enterprise if container security – understanding what's inside the container, and the ability to detect and address vulnerabilities – is addressed,” said Mike Werner, senior director, Global Technology Ecosystems, Red Hat. “Our ongoing work with Black Duck aims to help customers address that challenge.”

About Black Duck Software
Organizations worldwide use Black Duck Software’s industry-leading products to secure and manage open source software, eliminating the pain related to security vulnerabilities, compliance and operational risk. Black Duck is headquartered in Burlington, MA, and has offices in Mountain View, CA, London, Frankfurt, Hong Kong, Tokyo, Seoul and Beijing. For more information, visit www.blackducksoftware.com.

 

Contacts

Black Duck Software
Brian Carter, 508-277-7570
Director of Strategic Communications
bcarter@blackducksoftware.com