Back Issues This Week → Calendar → Current Issue → Popular →

All issuesVolume 320, Issue 1IT NewsCloud

Unlocking The Full Potential Of Container Vulnerability Scans

Cloud Native Now, Monday, November 4th, 2024

While many security best practices can be integrated into container development processes, such as using minimal base images and signing container images, container vulnerability scanning remains one of the simplest ways to help protect applications running on Kubernetes.

Given the complex dependencies of container images, which can rely on other container images with potential vulnerabilities, it is crucial for developers to proactively identify and address container security vulnerabilities before deployment.

A recent GitLab study found that only 26% of the respondents said their organizations are currently using container scanning to enable security in the software development lifecycle. Additionally, 58% of security respondents expressed they have a difficult time getting development to prioritize the remediation of vulnerabilities. More than half the security respondents said security vulnerabilities are mostly discovered by the security team after code is merged into a test environment.

more →  ·  More from Cloud →