Opsera announced that two new patents have been issued for its Unified DevOps Platform, now totaling nine patents issued for the cloud-native DevOps Platform.
Aqua Security announced at DockerCon a native Jenkins plug-in for Aqua MicroScanner, the company's free-to-use vulnerability scanner for Docker container images.
The plug-in allows developers to automate vulnerability scanning as part of their build process, even before Docker images are built, stored, and shared.
"As developers continue to discover the benefits of using containers, and new members are joining the community every day, the need to provide easy, automated security scanning increases," said Liz Rice, Technology Evangelist at Aqua. "Since we launched MicroScanner earlier this year, the number one request was for easier automation - which we're now providing with the native Jenkins plug-in."
By building applications based on existing open-source code, developers accelerate the pace of innovation and improve efficiency. However, this 3rd party code introduces potential risks and vulnerabilities, which is why scanning Docker images is highly recommended, and should be performed as much as possible as part of the automated image build processes.
Aqua MicroScanner works by embedding an executable and a step in the Dockerfile, which triggers a scan during the image build. This generates a report of the vulnerabilities found and suggested remediations. Optionally, the developer can choose to automatically fail a build when high severity vulnerabilities are found. This way, images that include vulnerable code are never built, allowing developers to "fail fast" and fix issues before images are stored in registries and deployed in production.
Aqua MicroScanner checks OS packages in Docker images for known vulnerabilities based on multiple aggregated sources, including NVD, vendor security advisories, and information from software developers themselves. In addition, the Aqua Security Research Team further compares and resolves the results to keep track of any updates or differences, and to eliminate false positives.
Industry News
mabl announced the addition of mobile application testing to its platform.
Spectro Cloud announced the achievement of a new Amazon Web Services (AWS) Competency designation.
GitLab announced the general availability of GitLab Duo Chat.
SmartBear announced a new version of its API design and documentation tool, SwaggerHub, integrating Stoplight’s API open source tools.
Red Hat announced updates to Red Hat Trusted Software Supply Chain.
Tricentis announced the latest update to the company’s AI offerings with the launch of Tricentis Copilot, a suite of solutions leveraging generative AI to enhance productivity throughout the entire testing lifecycle.
CIQ launched fully supported, upstream stable kernels for Rocky Linux via the CIQ Enterprise Linux Platform, providing enhanced performance, hardware compatibility and security.
Redgate launched an enterprise version of its database monitoring tool, providing a range of new features to address the challenges of scale and complexity faced by larger organizations.
Snyk announced the expansion of its current partnership with Google Cloud to advance secure code generated by Google Cloud’s generative-AI-powered collaborator service, Gemini Code Assist.
Kong announced the commercial availability of Kong Konnect Dedicated Cloud Gateways on Amazon Web Services (AWS).
Pegasystems announced the general availability of Pega Infinity ’24.1™.
Sylabs announces the launch of a new certification focusing on the Singularity container platform.
OpenText™ announced Cloud Editions (CE) 24.2, including OpenText DevOps Cloud and OpenText™ DevOps Aviator.
Postman announced its acquisition of Orbit, the community growth platform for developer companies.