In recent years there has been widespread adoption of the use of containers by DevOps teams looking for ways to deploy software more easily, quickly, and continuously to the cloud. Containers are self-contained packages of files that include everything necessary to run an application including code, dependencies, libraries, and system tools. Each container is a runtime instance of a container image; a static, layered file that contains the “blueprints” for the container and the code for the application processes.
Containers may offer fast and flexible deployment, but they also represent a new set of security risks. They can easily contain critical vulnerabilities that might not be found at other stages of development, partly due to the use of images from public repositories or code from open-source libraries.
Container Scanning, a critical capability in cloud security, is now available with HCL AppScan on Cloud. HCL AppScan has developed an innovative solution that leverages their SCA (Software Composition Analysis) technologies to scan all contents of a Docker Container without having to run the container. Docker created the industry standard for containers with their open-source Docker engine in 2013, and they are the most widely used containers today.
To scan Docker containers, HCL AppScan on Cloud users only need to have the Docker CLI (Command Line Interface) tools installed on their system. By using SCA, HCL AppScan can check components against a constantly updated list of known vulnerabilities in third-party and open-source applications. In addition to SCA scanning, users of HCL AppScan on Cloud can run independent SAST (Static Application Security Testing) scans on the application code that will be deployed in the container, and all scan results can be aggregated in a single dashboard view that shows risk levels and allows for faster remediation.
In the case of Docker Container Images, HCL AppScan will create a custom container if one is not available for scanning. All of this is done with simple commands using the HCL AppScan on Cloud CLI (Command Line Interface). The containers are never run and are deleted as soon as they are no longer needed, leaving the developer with only their original work.
Visit AppScan for more information about this innovative container scanning capability and other HCL AppScan application security testing solutions. Experience this technology for yourself with a free trial of HCL AppScan on Cloud.