Container Security

The Implications of Kubernetes Vulnerability CVE-2018-1002105

By Fei Huang Kubernetes critical vulnerability CVE-2018-1002105 was reported this week and the implication is a big warning to the fast-growing, massive DevOps world. The wide adoption of Kubernetes and Docker workloads is no doubt indicative of a disruptive next generation platform technology. But of course, like the dark side of the moon, every big shiny thing… Read more »

Container Security

Critical Kubernetes & OpenShift Vulnerability Exposes API Server

The First Major Vulnerability Discovered in Kubernetes, And It’s A Big One The big news today on the eve of the start of DockerCon EMEA has not been conference related announcements but rather the disclosure of a critical security hole in Kubernetes, and by inheritance, Red Hat OpenShift. This vulnerability, CVE-2018-1002105, is so critical with… Read more »

Container Security

How to Automatically Scan Images Using OpenShift Image Streams

By Selvam Thangaraj The powerful capabilities enabled by OpenShift Image Streams is a welcome addition to the Red Hat OpenShift container platform. As more enterprises begin moving container workloads into production, the requirement to automate both the application management as well as the security tasks in their CI/CD pipeline becomes more critical. OpenShift Image Streams… Read more »

Docker Security

Delivering Shift-Left Security with NeuVector and JFrog Xray

Bringing Kubernetes app security insights to developers By Henrik Rosendahl & Craig Peters Kubernetes, the container and orchestration tool favored by enterprises, provides great benefit in automating many aspects of application deployment at scale. But, like any emerging technology, there are perils as well. Administrators are learning that deployments of these new cloud architectures can… Read more »

Docker Security

Automating Image Scanning with Jenkins

By Xiaofeng Sun Containers provide an easy and efficient way to deploy applications. But container images may contain open source code over which you don’t have a full control. Many vulnerabilities in open source projects have been reported, and you may decide to use these libraries with vulnerabilities or not after scanning the images and… Read more »