Sysdig Partners with VulnDB
September 02, 2020

Sysdig announced the addition of VulnDB as a third-party vulnerability source.

VulnDB, from Risk Based Security, is a comprehensive, timely, and actionable source of vulnerability intelligence.

With this partnership, the Sysdig Secure DevOps Platform extends its image scanning capabilities to provide richer findings around vulnerabilities in third-party libraries and dependencies. Combined with the wide range of vulnerability databases the Sysdig platform checks against, the comprehensive data from VulnDB enables organizations to more effectively identify, track, and reduce security risk. To support this activity, Sysdig added a new VulnDB view to the Sysdig dashboards.

Image scanning is critical to the ‘shift-left’ approach for security. It should be integrated both into the build process, to validate images added to the container registry, and at runtime, to ensure new vulnerabilities, secrets, and license violations are not introduced in production. Image scanning is one of 10 workflows spanning security, compliance, and monitoring that Sysdig provides to help organizations manage security risk and maximize availability. As Sysdig scans images, VulnDB provides Sysdig customers with increased vulnerability coverage and further strengthens reporting on vulnerabilities.

VulnDB provides more than 76,000 additional vulnerabilities not found in the publicly available Common Vulnerabilities and Exposures (CVE) database and offers the most comprehensive vulnerability database. The new VulnDB view in the Sysdig dashboards helps organizations quickly identify vulnerabilities, recommends a fix, and speeds remediation. For each vulnerability detected, developers can immediately see every package affected, along with the version impacted and the Common Vulnerability Scoring System (CVSS) score. The VulnDB and vendor scores help teams focus on high-risk issues and understand who is responsible for the fix.

“As organizations move to the cloud, they often rely too heavily on default vulnerability data, which isn’t enough for most organizations,” said Omer Azaria, VP of Engineering at Sysdig. “Partnering with VulnDB adds a valuable intelligence feed, enabling us to give Sysdig customers the most comprehensive aggregation of vulnerabilities and visibility to their risks. Addressing issues during the build process is fundamental to accelerating application delivery while managing risk.”

Current Sysdig customers have access to the VulnDB data and will find the new views in their dashboards today.
