Docker Inc., Snyk Ally to Improve Containerized App Security

Docker Inc. is the latest provider of tools for building containerized applications to partner with Snyk following an alliance between the two companies revealed this week.

Justin Graham, vice president of products for Docker Inc., says container vulnerability scanning tools from Snyk will be embedded in future versions of Docker Desktop tools for building applications and the Docker Hub repository for storing container images, which are due in the third quarter. The goal, he says, is to provide developers with the tools needed to discover vulnerabilities as they build applications rather than addressing them after an application has been deployed in a production environment.

The alliance with Docker comes on the heels of a similar relationship established between Snyk and Red Hat through which Snyk tools for scanning containers will be embedded in application development tools provided by Red Hat.

Aner Mazur, chief product officer for Snyk, says that as developers are held more accountable for cybersecurity, it’s clear many more of them are looking for tools for securing applications that act as a natural extension of existing application development and deployment processes. As such, Snyk has been focused on extending the reach of its tools via alliances with vendors that provide developer-centric tools and platforms, he says.

In general, there’s a lot of hype surrounding the rise of DevSecOps best practices. However, it’s only recently that the tools developers require to secure applications have become more widely available. Many IT organizations have been encouraging DevOps teams to take on more responsibility for application security, which often results in late-night calls for updates to applications whenever a severe breach is discovered.

Of course, the goal is to eliminate the need for that call in the first place. Historically, cybersecurity teams have shared lists of vulnerabilities that should be remediated but have little to no context concerning their severity. Developers have attempted to balance those requests against other bug fixes and demands for new application features with mixed success. Snyk tools should make it possible for developers to discover vulnerabilities on their own before their code is merged, thereby streamlining whatever DevSecOps processes are employed.

If vulnerabilities are discovered, it then becomes a matter of determining whether the vulnerabilities are the result of an error by a developer or something that needs to be addressed by upgrading the platform on which applications are being built and deployed. The challenge, of course, is that platform upgrades might break existing applications, so IT teams need to be careful in deciding how best to go about addressing vulnerabilities, notes Mazur.

On the plus side, however, those decisions will be better informed than ever because developers will have a lot more visibility into vulnerabilities being created and discovered, assuming they are smart enough to fix issues they are likely to lose sleep over later on.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
