GitLab announced the general availability of GitLab Duo Chat.
Aqua Security announced at DockerCon a native Jenkins plug-in for Aqua MicroScanner, the company's free-to-use vulnerability scanner for Docker container images.
The plug-in allows developers to automate vulnerability scanning as part of their build process, even before Docker images are built, stored, and shared.
"As developers continue to discover the benefits of using containers, and new members are joining the community every day, the need to provide easy, automated security scanning increases," said Liz Rice, Technology Evangelist at Aqua. "Since we launched MicroScanner earlier this year, the number one request was for easier automation - which we're now providing with the native Jenkins plug-in."
By building applications based on existing open-source code, developers accelerate the pace of innovation and improve efficiency. However, this 3rd party code introduces potential risks and vulnerabilities, which is why scanning Docker images is highly recommended, and should be performed as much as possible as part of the automated image build processes.
Aqua MicroScanner works by embedding an executable and a step in the Dockerfile, which triggers a scan during the image build. This generates a report of the vulnerabilities found and suggested remediations. Optionally, the developer can choose to automatically fail a build when high severity vulnerabilities are found. This way, images that include vulnerable code are never built, allowing developers to "fail fast" and fix issues before images are stored in registries and deployed in production.
Aqua MicroScanner checks OS packages in Docker images for known vulnerabilities based on multiple aggregated sources, including NVD, vendor security advisories, and information from software developers themselves. In addition, the Aqua Security Research Team further compares and resolves the results to keep track of any updates or differences, and to eliminate false positives.
Industry News
SmartBear announced a new version of its API design and documentation tool, SwaggerHub, integrating Stoplight’s API open source tools.
Red Hat announced updates to Red Hat Trusted Software Supply Chain.
Tricentis announced the latest update to the company’s AI offerings with the launch of Tricentis Copilot, a suite of solutions leveraging generative AI to enhance productivity throughout the entire testing lifecycle.
CIQ launched fully supported, upstream stable kernels for Rocky Linux via the CIQ Enterprise Linux Platform, providing enhanced performance, hardware compatibility and security.
Redgate launched an enterprise version of its database monitoring tool, providing a range of new features to address the challenges of scale and complexity faced by larger organizations.
Snyk announced the expansion of its current partnership with Google Cloud to advance secure code generated by Google Cloud’s generative-AI-powered collaborator service, Gemini Code Assist.
Kong announced the commercial availability of Kong Konnect Dedicated Cloud Gateways on Amazon Web Services (AWS).
Pegasystems announced the general availability of Pega Infinity ’24.1™.
Sylabs announces the launch of a new certification focusing on the Singularity container platform.
OpenText™ announced Cloud Editions (CE) 24.2, including OpenText DevOps Cloud and OpenText™ DevOps Aviator.
Postman announced its acquisition of Orbit, the community growth platform for developer companies.
Check Point® Software Technologies Ltd. announced new email security features that enhance its Check Point Harmony Email & Collaboration portfolio: Patented unified quarantine, DMARC monitoring, archiving, and Smart Banners.
Automation Anywhere announced an expanded partnership with Google Cloud to leverage the combined power of generative AI and its own specialized, generative AI automation models to give companies a powerful solution to optimize and transform their business.
Jetic announced the release of Jetlets, a low-code and no-code block template, that allows users to easily build any technically advanced integration use case, typically not covered by alternative integration platforms.