SmartBear announced a new version of its API design and documentation tool, SwaggerHub, integrating Stoplight’s API open source tools.
Docker announced the general availability of Docker Security Scanning, an opt-in service for Docker Cloud private repo plans that provides a security assessment of the software included in container images.
Docker Security Scanning enables detailed image security profiles, continuous vulnerability monitoring and notifications for integrated content security across the entire software supply chain. Docker Security Scanning provides binary level scanning, generating a detailed security profile for each Docker image, including details that allow IT operations to assess if the software meets its security compliance standards. The service works seamlessly with existing dev and IT workflows and scans every time a change is shipped, adding a checkpoint before deployment.
Docker Security Scanning works across any application and across all major Linux distributions which allow for integration into a Containers as a Service (CaaS) workflow that improves an organization’s security posture through central IT managed secure content. Also released as part of this security enhancement is an update to Docker Bench, which automates validating a host’s configuration against the CIS Benchmark recommendations. With this update, Docker users can implement recommendations from the latest CIS Docker Benchmark to ensure that their platform is configured to be in-line with the best practices outlined for Docker Engine 1.11.
"We’ve made it our goal to secure the global software supply chain from development, test to production,” said Nathan McCauley, Director of Security at Docker. “As with all of Docker’s tooling, Docker Security Scanning works as an integrated component without any disruption to developer productivity. In fact, Docker Security Scanning enables developers to accelerate their workflows while providing greater visibility into the Docker images they choose to run in their environment. In turn, with usable security capabilities and granular control, IT operations is able to flexibly configure the security policies needed to safeguard their infrastructure."
Docker image scanning and vulnerability detection provide a container-optimized capability for granular auditing of images. The results are presented in a Bill of Materials (BOM) containing the details of the image layers and components, along with the security profile of each component. This allows ISVs (Independent Software Vendors) and app teams to make informed decisions regarding that content based on their respective security policies. With this information, ISVs can actively fix vulnerabilities to maintain high-quality security profiles of their content that they can then transparently expose to their end users. Meanwhile, app teams can decide if they want to use an ISV image based on the displayed profile and flexibly use Security Scanning to check the additional code before deciding to deploy.
In addition to improving the integrity of container content, Security Scanning streamlines ongoing operations by automating the cumbersome aspects of maintaining software compliance. Previously, IT operations would have to rely on the information published by each ISV on the state of their content to the CVE (Common Vulnerability and Exposures) databases and have to manually monitor the CVE databases for any issues. Docker Security Scanning automates this process and notifies the organization when a CVE is reported for any component within the images, enabling IT to address the issue quickly. With Docker, ISVs will have an opportunity to market their up-to-date secure content, with thorough details on what’s inside the container image, to a user community that is pulling 4,000 containers a minute.
Docker Security Scanning is available today to Docker Cloud users with a private repo plan, expanding to include all Docker Cloud repo users by the end of Q3.
Docker Security Scanning will also be available as an integrated feature in Docker Datacenter during the second half of 2016.
Industry News
Red Hat announced updates to Red Hat Trusted Software Supply Chain.
Tricentis announced the latest update to the company’s AI offerings with the launch of Tricentis Copilot, a suite of solutions leveraging generative AI to enhance productivity throughout the entire testing lifecycle.
CIQ launched fully supported, upstream stable kernels for Rocky Linux via the CIQ Enterprise Linux Platform, providing enhanced performance, hardware compatibility and security.
Redgate launched an enterprise version of its database monitoring tool, providing a range of new features to address the challenges of scale and complexity faced by larger organizations.
Snyk announced the expansion of its current partnership with Google Cloud to advance secure code generated by Google Cloud’s generative-AI-powered collaborator service, Gemini Code Assist.
Kong announced the commercial availability of Kong Konnect Dedicated Cloud Gateways on Amazon Web Services (AWS).
Pegasystems announced the general availability of Pega Infinity ’24.1™.
Sylabs announces the launch of a new certification focusing on the Singularity container platform.
OpenText™ announced Cloud Editions (CE) 24.2, including OpenText DevOps Cloud and OpenText™ DevOps Aviator.
Postman announced its acquisition of Orbit, the community growth platform for developer companies.
Check Point® Software Technologies Ltd. announced new email security features that enhance its Check Point Harmony Email & Collaboration portfolio: Patented unified quarantine, DMARC monitoring, archiving, and Smart Banners.
Automation Anywhere announced an expanded partnership with Google Cloud to leverage the combined power of generative AI and its own specialized, generative AI automation models to give companies a powerful solution to optimize and transform their business.
Jetic announced the release of Jetlets, a low-code and no-code block template, that allows users to easily build any technically advanced integration use case, typically not covered by alternative integration platforms.
Progress announced new powerful capabilities and enhancements in the latest release of Progress® Sitefinity®.