Every container image protected by Sysdig is tested against VulnDB, the largest database of vulnerability data; remediation steps simplify time-to-resolve vulnerabilities
Today, Sysdig also announced how JW Player is using Sysdig to securely deliver video to more than 1 billion users.
There is an inherent security risk as organizations assemble code to save time, instead of writing from scratch. The 2020 Container Security Snapshot highlights that 53 percent of non-OS packages have “high” or “critical” level vulnerabilities. Although teams may be scanning for OS packages, many developers are unaware of risk being introduced into their applications via third-party packages, dependencies, and misconfigurations.
Reduce security risk and speed the fix
Image scanning is critical to the ‘shift-left’ approach for security and should be integrated into the build process to validate images added to the container registry, and during runtime to ensure new vulnerabilities, secrets, and license violations are not introduced during production. Image scanning is one of 10 workflows that span security, compliance, and monitoring that Sysdig provides to help organizations manage security risk and maximize availability. As Sysdig scans images, VulnDB provides Sysdig customers with increased vulnerability coverage and further strengthens reporting on vulnerabilities.
VulnDB provides more than 76,000 additional vulnerabilities not found in the publicly available Common Vulnerabilities and Exposures (CVE) database and provides the most comprehensive vulnerability database. The new VulnDB view in the Sysdig dashboards helps organizations to quickly identify vulnerabilities, recommend a fix, and speed remediation. For each vulnerability detected, developers can immediately see every package affected, along with the version impacted and the Common Vulnerability Scoring System (CVSS) score. The VulnDB and vendor scores help teams focus on high-risk issues and understand who is responsible for the fix.
Read More: Top Vulnerabilities that CIOs Need to Consider as the Workforce Returns to Offices
“There are vulnerabilities in virtually every application,” said Jake Kouns, chief executive officer at Risk Based Security. “The key is having a security partner that alerts you to the ones that need your attention. By including better data from VulnDB in their powerful container and Kubernetes security and monitoring platform, Sysdig has given its customers access to the best vulnerability intelligence on the market.”
“As organizations move to the cloud, they often rely too heavily on default vulnerability data, which isn’t enough for most organizations,” said Omer Azaria, vice president of engineering at Sysdig. “Partnering with VulnDB adds a valuable intelligence feed, enabling us to give Sysdig customers the most comprehensive aggregation of vulnerabilities and visibility to their risks. Addressing issues during the build process is fundamental to accelerating application delivery while managing risk.”
Current Sysdig customers have access to the VulnDB data and will find the new views in their dashboards today. Learn more about Sysdig image scanning.