Veracode introduced new container security to its continuous software security platform. Existing customers can now participate in an early access program for Veracode Container Security. The new Veracode Container Security service, developed for cloud-native software engineering teams, meets container image vulnerability assessment, secure configuration, and secrets management requirements.
Brian Roche, Chief Product Officer of Veracode, commented, “As developers embrace cloud-native computing practices, containers have become increasingly important for business efficiency. This launch helps close a substantial gap in the market for developer-friendly solutions that cover critical capabilities for container security. We are excited to bring this next enhancement of our platform to the market and empower customers to address security testing for more modern architectures and deployment styles.”
Containers are increasingly used to streamline software deployment and runtime environment configuration management. They are compact, fast, portable units of software in which code is packaged so that an application can run rapidly and reliably in a variety of computing environments, from the desktop to the cloud. They come with a repository ecosystem, orchestration tools, and features that address related concerns, including service-to-service communication and configuration management.
Containers, which are instantiated in pipelines from code, offer the advantage of immutability, which means they are not modified, reconfigured, or patched in production. Instead, the underlying image is updated with new capabilities and redeployed, which helps to enhance production efficiency.
Veracode’s solution integrates into the CI/CD workflow and is available through the command line interface. It gives developers remediation guidance early in the software development life cycle, preventing unsafe containers from shipping to production by covering vulnerability detection and remediation, secrets management, and security configuration issues on the most prevalent operating systems.
Veracode Container Security results are accessible in a variety of formats, including text, JSON (JavaScript Object Notation), Software Bill of Materials (CycloneDX), SWID (Software Identification Tagging), or SPDX, allowing them to be easily integrated with other applications.