Slim.AI Integrates Container Automation Platform With DevOps Workflows

Slim.AI, via an early access program, has made available a version of its automated container security remediation platform that can now be more easily integrated within a DevOps workflow.

John Amaral, Slim.AI CEO, said that integration is achieved via connectors to various continuous integration/continuous delivery (CI/CD) platforms the company now provides for its software-as-a-service (SaaS) offering hosted on the Amazon Web Services (AWS) cloud.

Earlier this year, Slim.AI launched a namesake platform that makes use of machine learning algorithms to resize and optimize containers before they are deployed in a production environment. Many of the containers developers attempt to deploy in a production environment are larger than they need to be either because unnecessary code has been encapsulated or the  code is inefficiently organized.

The platform can also be used to automatically replace containers that have known vulnerability issues, adds Amaral. That capability makes it easier to shift responsibility for security further left toward developers by preventing those vulnerabilities from being included in the build in the first place, he notes.

In general, there’s no longer tolerance for shipping known vulnerabilities within an application, especially in the wake of a series of high-profile security breaches, says Amaral. Organizations of all sizes are reviewing software supply chains to make sure applications are not as easily compromised in production environments as they are today, he adds.

In theory, container applications should be more secure than legacy monolithic applications because it is easier to rip and replace containers than it is to patch an entire monolithic application. Slim.AI, however, is making a case for a platform that prevents insecure containers from ever being deployed in a production environment in the first place, says Amaral.

It’s not clear how broadly AI will be applied to automate DevOps processes. Given how dependent application development and deployment activities still are on manual processes, there are plenty of opportunities to employ machine learning algorithms to automate a wide range of processes. In fact, most organizations that adopt containers will not be able to achieve the developer productivity levels necessary to deploy microservices-based applications at scale without relying more on AI.

DevOps advocates, of course, are committed to ruthlessly automating IT to the fullest extent possible, and will naturally be at the forefront of AI adoption. The real challenge is gaining enough confidence in those AI platforms to trust the recommendations and actions being taken; today’s complex tasks and processes require a lot of manual intervention to get right. At this point, however, it’s not a question of whether AI will be applied to DevOps as much as it is to what degree.

In the meantime, containers will continue to stretch the limits of most existing manual processes. Many DevOps teams today spend an inordinate amount of time on manual processes that are proving to be unsustainable as more applications are deployed.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.

Mike Vizard has 1361 posts and counting. See all posts by Mike Vizard