WhiteSource, the leader in open source security and license compliance management announced today a further enhancement of its support for containerized applications.
Supporting all versions of Windows and Linux operating systems, WhiteSource now expands its Docker container analysis tool to support full image scanning throughout all the image layers and packages within the image. This new capability adds to the existing support for detecting open source vulnerabilities both in the container body and the installed software.
This new capability expands the visibility for software development and security teams on their containerized applications earlier in the Software Development Lifecycle. This is an important capability that becomes necessary for many organizations as they expand their usage of Docker and other container services.
“As a part of expanding our insights into the security of containers, including those that are in repositories, we can monitor the images at rest,” explains David Habusha, WhiteSource's VP of Product. “Even if nothing changes within an image, users will receive alerts if new vulnerabilities are discovered, providing them with accurate remediation advice.”
A key feature that the company has included in the latest edition of their security product is full automation for monitoring images without the need to run them as active containers. The enhanced Docker container analysis tools now support container images that are hosted in repositories like DockerHub, Artifactory, and GitHub.
“We are now scanning Docker images that are stored within the repositories, maintaining continuous security for containers throughout the CI/CD process. WhiteSource now allows customers to make sure that they run and store safe containers and images,” Habusha notes, addressing the customers' need to provide the widest coverage possible across their various microservices, which have become standard across the industry.