Container security is an emerging topic for companies moving this technology into production. A few small players emerged to compete exclusively in this portion of the market, but now it is time for larger companies, like Docker, to offer solutions in this space.
On May 10th the company released Docker Security Scanning, a tool able to provide risk and compliance management on docker images stored in private repositories on Docker Cloud and Official Repositories on Docker Hub.
Formerly known as Project Nautilus, Docker Security Scanning performs binary-level scanning of container images and, using data pulled from external CVE databases, creates an image security profile (Docker calls this a bill of materials, or BOM).
When one of those databases publishes a new vulnerability, the system performs a new scan of the images and notifies the repository administrator if a match occurs.
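To make the scan-then-rescan workflow concrete, here is a small added example (not Docker's code, and not how Docker Security Scanning is implemented internally): an image's bill of materials is built from the packages found in its layers, matched against a CVE feed to produce a profile, and re-matched when the feed changes so that only newly introduced findings are raised as notifications. The BOM shape, the CVE record shape, exact-version matching and the CVE identifiers in the sample data are all assumptions constructed for illustration.

```python
"""Toy model of the scan-then-rescan workflow described above.

Illustrative code, not Docker's implementation. The BOM format, the CVE record
shape and exact-version matching are simplifying assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Component:
    """One package found in an image: name plus the exact installed version."""
    name: str
    version: str


@dataclass(frozen=True)
class CveEntry:
    """Simplified CVE record: the package and the exact versions it affects (assumed shape)."""
    cve_id: str
    package: str
    affected_versions: frozenset


def build_bom(layers):
    """Flatten per-layer component lists into the image's bill of materials.

    A later layer wins for the same package name, so an upgrade performed in a
    later layer replaces the older version found in the base layer.
    """
    bom = {}
    for layer in layers:
        for comp in layer:
            bom[comp.name] = comp
    return frozenset(bom.values())


def scan(bom, cve_db):
    """Match every component against the CVE database.

    Returns a sorted list of (component, cve_id) pairs: the image's security profile.
    """
    findings = []
    for comp in bom:
        for cve in cve_db:
            if cve.package == comp.name and comp.version in cve.affected_versions:
                findings.append((comp, cve.cve_id))
    return sorted(findings, key=lambda f: (f[0].name, f[1]))


def rescan_on_update(images, old_db, new_db):
    """Rescan every image after the CVE feed changes.

    Returns {image_name: [(package-version, cve_id), ...]} containing only the
    findings that did not exist under the previous feed, which is what a
    repository administrator would want to be notified about.
    """
    notifications = {}
    for image_name, bom in images.items():
        before = set(scan(bom, old_db))
        after = set(scan(bom, new_db))
        new = after - before
        if new:
            notifications[image_name] = sorted(
                (f"{c.name}-{c.version}", cve_id) for c, cve_id in new
            )
    return notifications


# --- constructed sample data; the CVE identifiers are placeholders, not real CVEs ---
BASE_LAYER = [Component("openssl", "1.0.1e"), Component("zlib", "1.2.8")]
APP_LAYER = [Component("openssl", "1.0.2h")]  # openssl upgraded in a later layer
IMAGE_BOM = build_bom([BASE_LAYER, APP_LAYER])

CVE_DB_V1 = [CveEntry("CVE-0000-0001", "openssl", frozenset({"1.0.1e"}))]
# The feed later gains an entry for the zlib version still present in the image.
CVE_DB_V2 = CVE_DB_V1 + [CveEntry("CVE-0000-0002", "zlib", frozenset({"1.2.8"}))]

if __name__ == "__main__":
    print("initial profile:", scan(IMAGE_BOM, CVE_DB_V1))
    print("notifications after feed update:",
          rescan_on_update({"myorg/app": IMAGE_BOM}, CVE_DB_V1, CVE_DB_V2))
```

Two details matter in practice: the BOM must reflect the final layered filesystem (the upgraded openssl, not the base layer's copy), otherwise the scanner reports vulnerabilities that are no longer present, and the rescan should diff against the previous profile so administrators are only paged for findings that are actually new.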
Docker Security Scanning is available today in Docker Cloud for private repo plan customers as a limited-time free trial. You can also see scan results for Docker's Official Images on Docker Hub as long as you are logged in, regardless of whether you are a subscriber. Security scanning will be expanding soon to Docker Datacenter and Docker Cloud public repo users.