Several companies announced new products and functionality at this week’s DockerCon18 conference in San Francisco. Among the announcements were:
Red Hat was talking about the initial public release of its Buildah command-line utility for creating or changing Linux container images. Buildah, according to the company, makes the images easier to integrate into build pipelines.
Buildah enables users to reduce complexity and security workflows by offering the bare necessities for container development – most critically, removing the daemon so organizations can run containers without the need to provision special infrastructure, the company said in a June 6 announcement of the 1.0 version.
In this new version, external read/write volumes can be added during builds, allowing developers to reference the volumes without having to include them in the completed image.
The release also comes with enhanced security, as images created in Buildah will support FIPS mode to better comply with federal standards for computer systems.
It also offers such things as multi-stage builds and multiple container transport methods for pulling and pushing images, according to the announcement.
Atomist: SDM support for Docker+Kubernetes
Atomist, the company delivering the API for software, today announced Software Delivery Machine (SDM) support for Dockerized applications and deployment to Kubernetes.
Atomist’s platform provides SDMs that automatically build and deploy Dockerized applications to Kubernetes managed environments. A customer’s SDM responds to code change events from the Atomist platform, intelligently builds new Docker containers as required, and deploys them into the right Kubernetes environments based on each customer’s unique software delivery needs. An entire organization’s applications can be managed using an SDM, providing the scale required for modern enterprise application development.
Atomist’s event-driven approach provides a flexible way to control software delivery at scale. New functionality can be added to an SDM with extension packs written in a fully functional programming language (TypeScript). Developers stay in control using code, and manage it all with familiar tools such as GitHub and Slack.
Aqua Security: Extending vulnerability scans
Aqua Security announced a native Jenkins plug-in for Aqua MicroScanner, the company’s free-to-use vulnerability scanner for Docker container images. The plug-in allows developers to automate vulnerability scanning as part of their build process, even before Docker images are built, stored, and shared.
“As developers continue to discover the benefits of using containers, and new members are joining the community every day, the need to provide easy, automated security scanning increases,” said Liz Rice, technology evangelist at Aqua.
By building applications based on existing open-source code, developers accelerate the pace of innovation and improve efficiency. However, this code introduces potential risks and vulnerabilities, which is why Docker images should be scanned, as far as possible, as part of the automated image build process.
Aqua MicroScanner works by embedding an executable and a step in the Dockerfile, which triggers a scan during the image build. This generates a report of the vulnerabilities found and suggested remediations. Optionally, the developer can choose to automatically fail a build when high-severity vulnerabilities are found. This way, images that include vulnerable code are never built, allowing developers to “fail fast” and fix issues before images are stored in registries and deployed in production.
Aqua MicroScanner checks OS packages in Docker images for known vulnerabilities based on multiple aggregated sources, including NVD, vendor security advisories, and information from software developers themselves. In addition, the Aqua Security Research Team further compares and resolves the results to keep track of any updates or differences, and to eliminate false positives.
Sumo Logic: Enhanced Kubernetes, Docker capabilities
Sumo Logic announced new enhancements to its platform, including new capabilities for monitoring Kubernetes and Docker, converting logs to metrics, and contextualizing metadata.
Sumo Logic’s out-of-the-box insights into Kubernetes and Docker already addressed a major blind spot for organizations adopting microservices and cloud. Now it supports Kubernetes wherever it is running and offers native support for Amazon EKS. With new support for performance metrics and metadata, customers will be able to ingest information relevant to monitoring Kubernetes clusters, allowing them to proactively resolve customer issues and reduce downtime.
The company has also made it easier to extract performance metrics and key performance indicators from unstructured logs. These metrics can be used with the Sumo Logic time series engine to get better analytics.
“The world is moving from commoditized solutions to personalized ones that address very specific customer pain points, and that requires an agile and flexible platform built for the cloud,” said Bruno Kurtic, founding VP of product and strategy at Sumo Logic. “Traditional analytics tools have failed organizations because they can no longer deliver the visibility needed to support the investment customers are making in modern architectures at scale. The new enhancements to Sumo Logic’s platform not only provide real-time access to machine data analytics as a service, but also make data easily accessible to everyone, enabling organizations to leverage these insights to drive better experiences for their customers.”
Sysdig: Container security updates
Sysdig announced the latest release of its container and microservices security solution. Sysdig Secure 2.0 provides vulnerability management, more than two hundred compliance checks and security analytics.
According to the company, development teams today need to build, adapt and change quickly without sacrificing security. The latest release aims to make app security, compliance and quality easier for developers.
Within its vulnerability management capabilities, the 2.0 release includes static image scanning, CI and CD integrations, the ability to kill or quarantine vulnerable images, and runtime vulnerability management and scanning. In addition, it provides compliance controls, audit checks, policies, results, and rich metrics about events, compliance and vulnerabilities.
“Due to the newness of containers and the dynamic environment, container security for cloud-native applications poses several new challenges,” said Loris Degioanni, CTO and founder of Sysdig. “Sysdig Secure 2.0 ensures that developers, operations, and risk professionals have a single source of intelligence to monitor and secure their applications.”
Instana: Code-level visibility and monitoring
APM provider Instana announced new code-level visibility and monitoring updates for microservice applications. The new capabilities feature automatic instrumentation for apps written in PHP and REST API support for Python monitoring capabilities.
“With polyglot microservice applications becoming more prevalent, DevOps teams need as much monitoring automation as possible, especially with their application management tools,” said Pete Abrams, Instana co-founder and COO. “By providing code-level visibility for PHP that requires no server restarts or even configuration, we’re allowing DevOps teams to become more autonomous while simultaneously becoming more efficient in their monitoring of production applications.”
Instana’s APM solution is designed to automate the management of business apps running in the cloud, in containers, as microservices or in serverless environments.