Veracode launches Container Security offering to meet the needs of cloud-native DevOps teams

Veracode Enhanced CSS platform to include container security. This early access program for Veracode Container Security is now underway for existing customers.

The new Veracode Container Security offering, designed to meet the needs of cloud-native software engineering teams, addresses vulnerability scanning, secure configuration, and secret management requirements for container images.

chief product veracode, Brian RocheHe said, “As developers embrace cloud-native practices, containers are becoming increasingly important for business efficiency. This launch helps bridge a significant market gap for developer-friendly solutions that cover critical capabilities of container security. We are excited to bring this next improvement of our platform to market. and enabling customers to handle security testing for more up-to-date architectures and deployment patterns.”

Container security requirements are rising rapidly

Containers are increasingly being used to simplify software deployment and runtime environment configuration management. It consists of small, fast and portable modules in which code is compiled so that the application can run quickly and reliably in various computing environments – from the desktop to the cloud.

They provide an ecosystem of repositories, coordination technologies, and capabilities that address related issues, such as service-to-service communication and configuration management. Embodied in pipelines from code, containers have the advantage of immutability, meaning that they have not been updated, reconfigured, or debugged in production.

Instead, the base image is updated with new capabilities and redeployed, which helps improve efficiency in a production environment.

Despite the benefits of containers, they are affected by many of the same issues that typically plague physical production or virtual server hardware, such as security vulnerabilities introduced by additional software, poorly managed secrets (such as Amazon Web Services keys and credentials in Dockerfiles), and security misconfigurations.

This has led to an increased demand for products that address these and related issues, with the global container security market expected to reach $3.9 billion by 2027. Container security scans analyze images of containers against regulatory or industry-specific standards to identify unauthorized operations Secure and incorrect configurations can lead to a security vulnerability, insufficient authentication and access control.

Veracode Container Security is integrated into the developer environment

Many of the products already on the market aim to secure containers at runtime and provide limited developer support, which poses a major challenge for early processing. The Veracode solution is instead integrated into the CI/CD (Continuous Integration and Continuous Delivery) pipeline and is available in the command line interface.

Providing coverage for vulnerabilities, management of secrets, and security configuration issues on the most common operating systems, it provides remedial advice to developers early in the software development lifecycle so that unsecured containers are not shipped to production.

Veracode Container Security results are available in a variety of formats based on user selection, including text, JSON (JavaScript Object Notation), and Software Bill of Materials (CycloneDX and SWID [Software Identification Tagging]or SPDX [Software Packaging Data Exchange]), making it easy to integrate with other tools.

Equipping developers and their teams with the tools to meet their specific needs means they can find and fix vulnerabilities early in the lifecycle, giving them confidence that their containerized application environment is secure.

“Veracode Container Security will be useful for our developers to ensure that the workloads they deploy in our cloud are secure,” said the Automotive Company’s Director of Information Security.

“Without this tool, our team would take weeks to receive action container results and these results were only available in limited formats. Now, we are excited to integrate the results into the pipeline even before they go into production, saving time and cost effectiveness for our business.”

Leave a Comment