DEVOPSdigest

Tripwire announced that Tripwire for DevOps now offers security configuration assessment.

Made generally available earlier this year as a software-as-a-service (SaaS) solution, Tripwire for DevOps now gives an even more complete view of security and compliance risk within DevOps application infrastructure by adding configuration assessment capabilities to the existing vulnerability management capabilities.

"The fundamentals of vulnerability and configuration management should be applied to DevOps application infrastructure just as they should be implemented in the rest of the organization," said Tim Erlin, VP of Product Management and Strategy. "Organizations can now use our DevOps SaaS solution to embed secure configuration management, in addition to vulnerability management, directly into the DevOps workflow."

Tripwire for DevOps fully automates the assessment of container images in the continuous integration/continuous deployment (CI/CD) pipeline and can dynamically test live instances of application containers in an isolated, cloud-based sandbox. It can be used to establish quality gates at each stage to ensure defined security standards are met. It can also be used to simply monitor and assess repositories, providing visibility of potential risk without interfering with the roll-out process.

Tripwire for DevOps was launched earlier this year as a fully self-contained SaaS solution for ease of deployment and continuous roll-out of new capabilities and integrations. Integrations and compatibility currently include:

- Popular DevOps CI/CD build tools Jenkins and TeamCity

- Compatibility with all Docker v2 repositories for container assessment

- A complete REST API and command line interface for DevOps engineers to write custom integrations