start portlet menu bar

HCLSoftware: Fueling the Digital+ Economy

Display portlet menu
end portlet menu bar
Select Page

In recent years there has been widespread adoption of the use of containers by DevOps teams looking for ways to deploy software more easily, quickly, and continuously to the cloud. Containers are self-contained packages of files that include everything necessary to run an application including code, dependencies, libraries, and system tools. Each container is a runtime instance of a container image; a static, layered file that contains the “blueprints” for the container and the code for the application processes.

Containers may offer fast and flexible deployment, but they also represent a new set of security risks. They can easily contain critical vulnerabilities that might not be found at other stages of development, partly due to the use of images from public repositories or code from open-source libraries.

Container Scanning, a critical capability in cloud security, is now available with HCL AppScan on Cloud. HCL AppScan has developed an innovative solution that leverages their SCA (Software Composition Analysis) technologies to scan all contents of a Docker Container without having to run the container. Docker created the industry standard for containers with their open-source Docker engine in 2013, and they are the most widely used containers today.

container scanning in HCL AppScan

To scan Docker containers, HCL AppScan on Cloud users only need to have the Docker CLI (Command Line Interface) tools installed on their system. By using SCA, HCL AppScan can check components against a constantly updated list of known vulnerabilities in third-party and open-source applications. In addition to SCA scanning, users of HCL AppScan on Cloud can run independent SAST (Static Application Security Testing) scans on the application code that will be deployed in the container, and all scan results can be aggregated in a single dashboard view that shows risk levels and allows for faster remediation.

In the case of Docker Container Images, HCL AppScan will create a custom container if one is not available for scanning. All of this is done with simple commands using the HCL AppScan on Cloud CLI (Command Line Interface). The containers are never run and are deleted as soon as they are no longer needed, leaving the developer with only their original work.

Visit AppScan for more information about this innovative container scanning capability and other HCL AppScan application security testing solutions. Experience this technology for yourself with a free trial of HCL AppScan on Cloud.

Comment wrap
Secure DevOps | December 20, 2023
Secure Application Code Against Vulnerabilities Faster with HCL AppScan Fix Groups
Stop in for an update on how HCL AppScan helps find vulnerabilities and security risks, starting with built in AI that dramatically reduces the number of scan findings and practically eliminates false positives.
Secure DevOps | August 2, 2023
Wider Application Security Coverage with HCL AppScan DAST and Vulnerable Third-Party Component Detection
HCL AppScan DAST (dynamic application security testing) is an industry-leading technology that scans your applications and APIs against potential vulnerabilities.
Secure DevOps | August 2, 2023
Find More Vulnerabilities Than Ever Before with the new HCL AppScan Version 10.3.0
HCL AppScan continues to push forward on an accelerated innovation roadmap with the release of version 10.3.0 for three on-prem software products: HCL AppScan Standard, Enterprise, and Source.