Veracode Container Security Secures Cloud-Native Application Development

Veracode announced the enhancement of its continuous software security platform to include container security.

The early access program for Veracode Container Security is now live for existing customers. The new offering, designed to meet the needs of cloud-native software engineering teams, addresses vulnerability scanning, secure configuration, and secrets management requirements for container images.

Veracode Product Manager, Brian Rock, said, “As developers adopt cloud-native computing practices, containers have become increasingly important to business efficiency. This launch fills a significant gap in the market for developer-friendly solutions that cover security-critical container capabilities. We are excited to bring this next enhancement to our platform to market and enable customers to perform security testing for more modern architectures and deployment styles.”

Container security requirements are increasing rapidly

Containers are increasingly being used to simplify software deployment and runtime configuration management. They are small, fast and portable software units in which code is packaged so that an application can run quickly and reliably in different computing environments, from the desktop to the cloud. They come with an ecosystem of repositories, orchestration technologies, and features that address related issues, such as service-to-service communication and configuration management.

Instantiated in pipelines from code, containers benefit from immutability, meaning they are not updated, reconfigured, or patched in production. Instead, the underlying image is updated with new features and redeployed, helping to improve the efficiency of the production environment.

Despite their benefits, containers are affected by many of the same issues that traditionally plague physical or virtual production servers, such as vulnerabilities introduced by additional software, mishandled secrets (like Amazon Web Services keys and credentials in Dockerfiles) and security configuration errors. This has led to an increased demand for products that address these and related issues, with the global container security market size expected to reach $3.9 billion by 2027.

Container security scanning checks container images against organizational or industry-specific standards to identify insecure processes, misconfigurations that can lead to vulnerability, and inadequate authentication and access security checks.

Veracode Container Security integrates into the development environment

Many products already on the market aim to secure running containers and offer limited developer support, which poses a major challenge for early resolution. Veracode’s solution instead integrates into the CI/CD (continuous integration and continuous delivery) pipeline and is available on the command-line interface. Offering coverage for vulnerability detection and remediation, secrets management, and security configuration issues on the most popular operating systems, it provides remediation guidance to developers early in the software development lifecycle so that unsecured containers are not shipped to production.

Veracode Container Security output is available in a variety of formats depending on the user’s choice, including text, JSON (JavaScript Object Notation), and software BOM (CycloneDX, SWID [Software Identification Tags] or SPDX [Software Package Data Exchange]), which facilitates integration with other tools. Providing developers and their teams with the tools to meet their specific needs means they can find and fix vulnerabilities early in the lifecycle, giving them confidence that their containerized application environment is secure.

“Veracode Container Security will be instrumental for our developers to ensure that the workloads they deploy in our cloud are secure,” said the information security manager of an automotive company. “Without this tool, it would take our team weeks to receive and process the results from the container and these would have only been available in limited formats. Now we are excited to bring the results into the pipeline even before they go into production, saving time and reducing costs for our business.”
