WhiteSource Launches New Product for E2E Open Source Security Throughout Container Lifecycle

WhiteSource providing automated open source container security for development and production environments, including an advanced solution for Kubernetes

WhiteSource, the leader in continuous open source security and license compliance management, announced today the release of WhiteSource Containers. The new solution is a holistic, end-to-end solution for the detection and remediation of open source vulnerabilities within container images and containers throughout the SDLC and offers an advanced support for container orchestration platforms such as Kubernetes.

As organizations move towards Microservices architecture, utilizing containers as the delivery vehicle to keep pace with the rate of development, software development and security teams need to adapt their application security processes to keep these services secured and compliant.

WhiteSource for Containers offers an end-to-end solution to automatically detect vulnerabilities and license compliance issues in container images and containers throughout the SDLC. The solution integrates natively with all main container registries and allows for the automated detection of problematic open source components – both within the containers and the software deployed on it – without the need to manually download and scan containers or images.

The new product includes an advanced Kubernetes agent that runs silently in the background as a pod in the production cluster, automatically scanning any image deployed to production in new pods. The agent alerts development teams about new vulnerabilities and enforces policies in real time, even after the software has been released to market. This capability is crucial for long term security as vulnerabilities are often found years after release and deployed products can become vulnerable from one day to the next without warning.

“Containers are now the accepted future of dynamic development, allowing organizations to push applications through the SDLC with a minimum of disruptions. The industry is now waking up to the necessity of securing container usage, gaining full visibility and policy enforcement to stay safe and compliant,” said WhiteSource VP Product David Habusha. “WhiteSource for Containers takes our existing capabilities to secure open source components into the realm of containers, providing our users with a dedicated tool to meet their needs.”

WhiteSources’s new product integrates with container registries including Docker Hub, Amazon ECR, Azure Container Registry, and JFrog Artifactory, through deployment, all build tools supported by the WhiteSource platform as well as a full integration with Kubernetes.