How to secure software containers
Adoption of software containers has risen dramatically as more organizations realize the benefits of this virtualized technology. Software containers are lightweight, standalone, executable packages of software that include everything required to run it. Containers include code, runtime, settings, system libraries and system tools, and can be used with both Linux and Windows-based applications. By isolating software from its surroundings, software containers enable code to always run the same regardless of the environment it is operating within.
For all their value, software containers also include significant risks. Lack of visibility into containers means security teams are often unable to discern whether there are any issues within the code. And containers are rarely scanned for vulnerabilities before or after being deployed to production.
There are a number of steps that developers can take to help secure software containers, including enforcing the use of trusted container image repositories, eliminating image clutter by continuously monitoring what’s inside containers, and using secrets management tools to protect sensitive data. Scanning software containers for vulnerabilities is also critical – and that’s where Veracode can help.
Container security testing with Veracode
Veracode provides application security testing solutions that help to protect the software businesses rely on. Our suite of on-demand, SaaS-based testing services enables security analysis and testing to be embedded throughout the software development lifecycle (SDLC), allowing developers to test for vulnerabilities from inception through production.
Veracode Software Composition Analysis scans Docker containers and images to find vulnerabilities in open source libraries, both those pulled in as dependencies of the base OS image and those installed globally in the image.
Securing containers from open source vulnerabilities isn’t all that different from looking at vulnerabilities in open source libraries in your code. You need to be able to scan your container the moment it’s introduced, with all of its globally installed packages. This enables your development team to decide whether they want to proceed forward with the vulnerabilities present, introduce ways to mitigate the issues, update to a more secure version of the libraries being used, or explore alternative base images and libraries that are more secure.
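The check described above, reduced to its core, is: enumerate the packages installed in the image, compare each installed version against the first fixed version in an advisory, and report what is below it. The following is an added illustration written for this page, not Veracode's product code; it assumes the image's package database has been copied out (for Debian-based images, /var/lib/dpkg/status), uses a constructed status excerpt and constructed advisory data, and implements only a simplified Debian version ordering.

```python
"""Minimal SCA-style check of a container image's OS packages.

Added illustration, not Veracode code. Inputs below are constructed:
a dpkg status excerpt as found in a Debian-based base image, and an
advisory table mapping package name -> first fixed version.
"""
import re

# Constructed excerpt of /var/lib/dpkg/status from a base image.
DPKG_STATUS = """\
Package: openssl
Status: install ok installed
Version: 1.1.1k-1

Package: curl
Status: install ok installed
Version: 7.74.0-1.3

Package: libexample-dev
Status: deinstall ok config-files
Version: 0.9-1
"""

# Constructed advisory data (hypothetical versions): package -> first fixed version.
ADVISORIES = {"openssl": "1.1.1n-0", "curl": "7.74.0-1.3", "zlib1g": "1:1.2.11.dfsg-2"}

def installed_packages(status_text):
    """Return {name: version} for packages whose status is 'installed' (removed ones are skipped)."""
    pkgs = {}
    for stanza in status_text.strip().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines() if ": " in line)
        if fields.get("Status", "").endswith(" installed"):
            pkgs[fields["Package"]] = fields["Version"]
    return pkgs

def version_key(v):
    """Simplified Debian version ordering: epoch first, then numeric and alphabetic runs."""
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    parts = re.findall(r"\d+|[A-Za-z]+|[.~+-]", rest)
    return (int(epoch), [(0, int(p)) if p.isdigit() else (1, p) for p in parts])

def vulnerable_packages(status_text, advisories):
    """List (name, installed, fixed) for installed packages older than the advisory's fixed version."""
    found = []
    for name, ver in installed_packages(status_text).items():
        fixed = advisories.get(name)
        if fixed and version_key(ver) < version_key(fixed):
            found.append((name, ver, fixed))
    return found

if __name__ == "__main__":
    for name, ver, fixed in vulnerable_packages(DPKG_STATUS, ADVISORIES):
        print(f"{name} {ver} is below fixed version {fixed}")
```

The output of such a check is the input to the decision the paragraph describes: accept the finding, mitigate it, upgrade the package, or switch base images.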
Comprehensive solutions for container security software and other applications
Additional Veracode software testing services include:
- Veracode Static Analysis IDE Scan, a solution that runs in the background of a developer’s IDE to provide immediate alerts and feedback about potential flaws as code is being written.
- Veracode Dynamic Analysis, a web application scanner service that inventories all public-facing web applications and performs both lightweight, production-safe scans and deep scans to identify potential vulnerabilities.
- Veracode Static Analysis is an easy-to-use testing methodology that lets developers quickly scan web, mobile and desktop applications. With Veracode Static Analysis, developers can quickly identify and remediate vulnerabilities like cross-site scripting and SQL injection without having to manage a tool. Our patented technology scans binaries, eliminating the need for access to source code. Results are provided within four hours for 80% of scans, and 90% of scans are completed within a day. With highly accurate results that are prioritized based on severity and include a step-by-step remediation plan, developers can fix flaws faster while avoiding wasting time on false positives.