Container Security

How to Automatically Scan Images Using OpenShift Image Streams

By Selvam Thangaraj The powerful capabilities enabled by OpenShift Image Streams is a welcome addition to the Red Hat OpenShift container platform. As more enterprises begin moving container workloads into production, the requirement to automate both the application management as well as the security tasks in their CI/CD pipeline becomes more critical. OpenShift Image Streams… Read more »

Container Security

Container Security Report by Gartner Highlights Maturing Options for Securing the CI/CD Pipeline

Gartner recently released a Technical Professional Advice report titled┬áContainer Security — From Image Analysis to Network Segmentation, Options Are Maturing* (by Joerg Fritsch, 28 August 2018, ID: G00366118), with what we believe is the most comprehensive overview of container security to date. In this report Mr. Fritsch identifies 11 threat vectors in an automated deployment… Read more »

Container Security

How to Hack a Kubernetes Container, Then Detect and Prevent It

By Dieter Reuter As we talked about before in this blog, containers are just vulnerable to be attacked as non-container workloads. Hackers can use many of their old tricks on new containers, such as application exploits, network attacks, or phishing scams. In this post and demo, I’ll show how to hack a Kubernetes container using… Read more »

Container Security

Shift Left, Then Right for Runtime Application Container Security

In this new Solution Showcase by Enterprise Strategy Group (ESG), Senior Analyst Doug Cahill reviews recent research on application container adoption trends, then outlines how to build security into the DevOps and SecOps use cases. Abstract: The broad adoption of application containers for both new applications and those being refactored into a microservices architecture has… Read more »

Container Security

Achieving PCI Compliance for Containers

Although microservices and containers are not explicitly mentioned in PCI-DSS for PCI compliance, organizations implementing these technologies must focus carefully on monitoring, securing, and governance. Microservices and containers offer some unique characteristics that support pci compliance. For example, microservices emphasize an architecture with one function per service/container. This aligns well with PCI-DSS 2.2.1, implementing only… Read more »