Trivy is a comprehensive, easy-to-use open source vulnerability scanner for container images. Since its introduction two years ago, the project has gained a broad following among open source community members. I’m excited to share that it has now become the first container image vulnerability scanner to surpass …

One of the great security benefits of the move to cloud native development is the increased use of Infrastructure as Code (IaC) to describe computing environments. Once things are described as code, we can shift left and secure our environments before they’re deployed. As a major new feature, the latest version of …

Digital transformation is fundamentally changing how organizations compete and engage with customers, even redefining traditional labor-intensive industries. A great example of this is Forum Engineering, a staffing company from Japan, which developed an AI-based Software-as-a-Service solution to stay ahead of the …

If you work with containers long enough, you already know that containers should not be considered as security boundaries. In this blog, we’ll explore how different container isolation techniques intend to provide a solution to this problem, and whether their strengths and weaknesses make them a practical choice.

One of the fundamental questions in container security, since the early days of Docker, is whether a container constitutes a security boundary. In this first part of a two-blog discussion of containers and isolation, we take a look at the security boundary question, along with key examples. Part II will continue …

Coming from a software engineering background, we built tfsec to help developers like us scan their infrastructure-as-code (IaC) templates and prevent cloud misconfigurations from being deployed. Teams at the world’s leading organizations are now leveraging tfsec to “shift left” and introduce security earlier in …

Hot on the heels of highly publicized attacks like those affecting Solarwinds and Codecov, organizations are taking a firm stance on software supply chain security. But in order to be effective at securing the slurry of artifacts that get incorporated into cloud native applications, we must first understand the …

A single vulnerability in one of the code dependencies can put an entire application at risk, yet 48% of organizations knowingly push vulnerable code into production regularly. With a heavy reliance on open source software to build applications, patching a myriad of vulnerabilities has become an extremely hard and …

While Docker has become synonymous with containers, various container tools and platforms have emerged to make the process of developing and running containers more efficient. Still, a lot of the same principles around Docker security apply for protecting container-based applications built with other tools as well. …

One of the challenges with container security and its standards is keeping current with new releases and products. New versions of the Docker and Kubernetes CIS Benchmarks were released recently to capture changes in the new versions of those projects, both to keep things current and to expand coverage to help …