Latest release of free Aqua MicroScanner™ enables developers to automatically scan images for known vulnerabilities during Jenkins build
Boston, MA – June 13, 2018 – Aqua Security, the market-leading platform provider for securing container-based and cloud-native applications, today announced at DockerCon a native Jenkins plug-in for Aqua MicroScanner, the company’s free-to-use vulnerability scanner for Docker container images. The plug-in allows developers to automate vulnerability scanning as part of their build process, even before Docker images are built, stored, and shared.
“As developers continue to discover the benefits of using containers, and new members are joining the community every day, the need to provide easy, automated security scanning increases,” said Liz Rice, technology evangelist at Aqua. “Since we launched MicroScanner earlier this year, the number one request was for easier automation – which we’re now providing with the native Jenkins plug-in.”
By building applications based on existing open-source code, developers accelerate the pace of innovation and improve efficiency. However, this 3rd party code introduces potential risks and vulnerabilities, which is why scanning Docker images is highly recommended, and should be performed as much as possible as part of the automated image build processes.
Aqua MicroScanner works by embedding an executable and a step in the Dockerfile, which triggers a scan during the image build. This generates a report of the vulnerabilities found and suggested remediations. Optionally, the developer can choose to automatically fail a build when high severity vulnerabilities are found. This way, images that include vulnerable code are never built, allowing developers to “fail fast” and fix issues before images are stored in registries and deployed in production.
Aqua MicroScanner checks OS packages in Docker images for known vulnerabilities based on multiple aggregated sources, including NVD, vendor security advisories, and information from software developers themselves. In addition, the Aqua Security Research Team further compares and resolves the results to keep track of any updates or differences, and to eliminate false positives.
For additional information and to get the Aqua MicroScanner and plug-in for Jenkins:
- Blog: Jenkins Plug-In for Aqua MicroScanner
- Aqua MicroScanner on Github
- Aqua MicroScanner Jenkins plug-in
About Aqua Security
Aqua Security enables enterprises to secure their container and cloud-native applications from development to production, accelerating application deployment and bridging the gap between DevOps and IT security. Aqua’s Container Security Platform provides full visibility into container activity, allowing organizations to detect and prevent suspicious activity and attacks in real time. Integrated with container lifecycle and orchestration tools, the Aqua platform provides transparent, automated security while helping to enforce policy and simplify regulatory compliance. Aqua was founded in 2015 and is backed by Lightspeed Venture Partners, Microsoft Ventures, TLV Partners, and IT security leaders, and is based in Israel and Boston, MA. For more information, visit www.aquasec.com or follow us on twitter.com/AquaSecTeam