Slim.AI Integrates Vulnerability Scanning in Container Platform

Slim.AI is expanding the security capabilities in its namesake container deployment platform and making it simpler to discover vulnerabilities in containers. In addition, Slim.AI is extending the platform’s ability to harden containers before they are deployed in a production environment.

Slim.AI adds a Multi-Scanner Vulnerability Reporting feature that enables IT teams to discover vulnerabilities using multiple container scanning tools.

Slim.AI CEO John Amaral says that capability is critical because it’s become apparent that not every container scanning engine discovers the same vulnerabilities. As a result, many organizations are now employing multiple container scanning engines to discover container vulnerabilities, he notes.

In a single workflow, IT teams can slim down containers by removing unnecessary components, which reduces the overall size of the attack surface, and then scan the containers again to document the volume of threats that have been removed. That documentation capability is critical for any third party that may need to run those containers as part of a larger application running on a platform they manage, Amaral notes.

Slim.AI launched its namesake platform earlier this year. The platform uses machine learning algorithms, together with the open source DockerSlim tool the company created, to resize and optimize containers before they are deployed in a production environment. Many of the containers that developers attempt to deploy in a production environment are larger than they need to be, either because unnecessary code has been encapsulated or because the code is inefficiently organized.

The company provides a software-as-a-service (SaaS) platform to host an instance of DockerSlim on the Amazon Web Services (AWS) cloud to enable DevOps teams to streamline container application development and deployment. As part of that goal, Slim.AI has been integrating its platform with a range of continuous integration/continuous delivery (CI/CD) platforms and container registries to make it easier to incorporate within existing DevOps workflows. The Slim.AI platform also automatically replaces containers that have known vulnerability issues as part of an effort to advance the adoption of DevSecOps best practices that shift more responsibility for application security toward application developers, says Amaral.

In theory, container applications should be more secure than legacy monolithic applications because it is easier to rip and replace containers than it is to patch an entire monolithic application. Slim.AI, however, is making a case for a platform that prevents insecure containers from being deployed in a production environment in the first place as part of an effort to improve container security posture.

It’s not clear how quickly AI will be applied to automate DevSecOps workflows. However, organizations that embrace DevOps are typically committed to ruthlessly automating IT to the fullest extent possible, and cybersecurity workflows should be no exception. The real challenge is gaining enough confidence in those AI platforms to trust the recommendations and actions being taken. At this point, however, it’s not a question of whether AI will be applied to DevSecOps workflows as much as it is to what degree, as DevOps teams continue to discover where manual processes end and machine-augmented ones begin.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
