Veracode launches container security offering that secures cloud-native application development

BURLINGTON, Mass.–(BUSINESS WIRE)–Veracode, a leading global provider of application security testing solutions, today announced the enhancement of its continuous software security platform to include container security. This early access program for Veracode Container Security is now live for existing customers. The new Veracode Container Security offering, designed to meet the needs of cloud-native software engineering teams, addresses vulnerability scanning, secure configuration, and secrets management requirements for container images.

Veracode Chief Product Officer Brian Roche said, “As developers embrace cloud-native computing practices, containers have become increasingly important to business efficiency. This launch fills a significant gap in the market for developer-friendly solutions that cover security-critical container capabilities. We are excited to bring this next enhancement to our platform to market and enable customers to perform security testing for more modern architectures and deployment styles.”

The need for container security is increasing rapidly

Containers are increasingly being used to simplify software deployment and runtime configuration management. They include small, fast and portable software units in which code is packaged so that an application can run quickly and reliably in different computing environments, from the desktop to the cloud. They provide an ecosystem of repositories, orchestration technologies, and features that address related issues, such as service-to-service communication and configuration management. Instantiated in pipelines from code, containers benefit from immutability, meaning they are not updated, reconfigured, or patched in production. Instead, the underlying image is updated with new features and redeployed, helping to improve the efficiency of the production environment.

Despite the advantages of containers, they are affected by many of the same issues that traditionally plague physical production or virtual server hardware, such as vulnerabilities introduced by additional software, mishandled secrets (such as keys and user information, for example Amazon Web Services credentials in Dockerfiles), and security misconfigurations. This has led to an increased demand for products that address these and related issues, with the global container security market size expected to reach $3.9 billion by 2027*. Container security scanning checks container images against organizational or industry-specific standards to identify insecure processes, misconfigurations that can lead to vulnerability, and inadequate authentication and access security checks.

Veracode Container Security integrates with the development environment

Many products already on the market aim to secure running containers and offer limited developer support, which poses a major challenge for early resolution. Veracode’s solution instead integrates into the CI/CD (continuous integration and continuous delivery) pipeline and is available on the command-line interface. Offering coverage for vulnerability detection and remediation, secrets management, and security configuration issues on the most popular operating systems, it provides remediation guidance to developers early in the software development lifecycle so that unsecured containers are not shipped to production.

Veracode Container Security output is available in a variety of formats depending on the user’s choice, including text, JSON (JavaScript Object Notation), and software BOM (CycloneDX, SWID [Software Identification Tagging] or SPDX [Software Packaging Data Exchange]), which facilitates their integration with other tools. Providing developers and their teams with the tools to meet their specific needs means they can find and fix vulnerabilities early in the lifecycle, giving them confidence that their containerized application environment is secure.

“Veracode Container Security will be instrumental for our developers to ensure that the workloads they deploy in our cloud are secure,” said the information security manager of an automotive company. “Without this tool, it would take our team weeks to receive and process the results from the container and these would have only been available in limited formats. Now we are excited to bring the results into the pipeline even before they go into production, saving time and reducing costs for our business.”

*Research and Markets, “Global Container Security Market Size, Share & Industry Trends Analysis Report By Component (Products and Services), By Services Type, By Organization Size, By Vertical, By Regional Outlook and Forecast, 2021-2027” report, February 2022

About Veracode

Veracode is a leading AppSec partner for building secure software, reducing the risk of security breaches, and increasing productivity for security and development teams. As a result, companies using Veracode can move their business and the world forward. With its combination of process automation, integrations, speed, and responsiveness, Veracode helps organizations achieve accurate and reliable results to focus their efforts on patching, not just finding, potential vulnerabilities. Learn more at www.veracode.com, on the Veracode Blog and on Twitter.

Copyright © 2022 Veracode, Inc. All rights reserved. Veracode is a registered trademark of Veracode, Inc. in the United States and may be registered in certain other jurisdictions. All other product names, brands or logos belong to their respective owners. All other trademarks mentioned herein are the property of their respective owners.