
In recent years, containers have been widely adopted by DevOps teams looking for ways to deploy software more easily, quickly, and continuously to the cloud. Containers are self-contained packages of files that include everything necessary to run an application, including code, dependencies, libraries, and system tools. Each container is a runtime instance of a container image, a static, layered file that contains the “blueprints” for the container and the code for the application processes.

Containers may offer fast and flexible deployment, but they also represent a new set of security risks. They can easily contain critical vulnerabilities that might not be found at other stages of development, partly due to the use of images from public repositories or code from open-source libraries.

Container scanning, a critical capability in cloud security, is now available with HCL AppScan on Cloud. HCL AppScan has developed an innovative solution that leverages its SCA (Software Composition Analysis) technologies to scan all contents of a Docker container without having to run the container. Docker created the industry standard for containers with its open-source Docker engine in 2013, and Docker containers are the most widely used containers today.

[Image: Container scanning in HCL AppScan]

To scan Docker containers, HCL AppScan on Cloud users only need to have the Docker CLI (Command Line Interface) tools installed on their system. By using SCA, HCL AppScan can check components against a constantly updated list of known vulnerabilities in third-party and open-source applications. In addition to SCA scanning, users of HCL AppScan on Cloud can run independent SAST (Static Application Security Testing) scans on the application code that will be deployed in the container, and all scan results can be aggregated in a single dashboard view that shows risk levels and allows for faster remediation.

In the case of Docker container images, HCL AppScan will create a custom container if one is not available for scanning. All of this is done with simple commands using the HCL AppScan on Cloud CLI. The containers are never run and are deleted as soon as they are no longer needed, leaving the developer with only their original work.

Visit AppScan for more information about this innovative container scanning capability and other HCL AppScan application security testing solutions. Experience this technology for yourself with a free trial of HCL AppScan on Cloud.
