Snyk and Docker have partnered up to help developers securely build and use containers and open source.
Docker stated that it will provide native vulnerability detection and fixes powered by Snyk. Developers can get a report of their container image vulnerabilities after a quick ‘docker scan’, and then receive guidance to help fix the reported issues.
According to Snyk’s 2019 State of Open Source Security report, 54% of developers currently do not test their container images during development, and yet there was a 4x increase in reported operating system vulnerabilities in 2018.
“In the context of container building, developers’ responsibility mainly lies in picking the appropriate base image and adding it in their tools, rather than handpicking or recompiling vulnerable dependencies. Put these two together, and the typical laundry list of container vulnerabilities is of little use and very far from being actionable,” Snyk wrote in a blog post.
Snyk helps users select Docker Official images from the same family with fewer vulnerabilities, and then alerts them when Docker pushes updates to the base image that is in use.
Developers also get continuous security at the desktop level and throughout the inner- and outer-loop development process, through the integration of Snyk’s developer-focused image scanning technology and vulnerability database into Docker.
“The addition of scanning images in Docker through the new integration with Snyk means that developers are more easily able to find and fix vulnerabilities throughout the development process,” said Justin Graham, the vice president of Products at Docker. “We are giving developers and development teams the peace of mind that container images stored in their Docker Hub repositories are scanned, and vulnerabilities identified and communicated to them, while eliminating extra steps in their application development workflow.”
Additional details are available here.