« Previous 1 2 3 4

Securing containers with Anchore

Secure Containers

It Ends Here

Container images have so many CVEs today that you simply can't risk blindly avoiding their potential pitfalls. Anchore is quick to set up and comprehensive, and the enterprise version looks sophisticated with an easy-to-use dashboard.

To my mind, rather than just listing CVE reference numbers Anchore cuts down on your workload most effectively by offering a link to the pertinent CVEs. For instance, the libc-bin-2.24-11+deb9u1 package reported a "high" CVE rating; by clicking on the reported URL [10], I was presented with lots of useful information relating to which culprits might make a container vulnerable.

As Figure 9 shows, a CVE can have complexities of its own, which means that offering as much information as possible is critical, so you can make informed decisions as to whether an image is safe to use inside a container.

Figure 9: Not all packages get fixed.

I hope you enjoy trying Anchore; I recommend it whenever possible.

Infos

  1. CVE: https://cve.mitre.org
  2. Sink, The State of Open Source Security Report 2019, February 26, 2019, https://snyk.io/blog/top-ten-most-popular-docker-images-each-contain-at-least-30-vulnerabilities/
  3. Anchore: https://anchore.com
  4. config.yaml: https://github.com/anchore/anchore-engine/blob/master/scripts/docker-compose/config.yaml
  5. anchore-engine: https://github.com/anchore/anchore-engine/issues/26
  6. docker-compose.yaml: https://github.com/anchore/anchore-engine/blob/master/scripts/docker-compose/docker-compose.yaml
  7. anchore-cli: https://github.com/anchore/anchore-cli
  8. My security auditing Dockerfile: https://github.com/chrisbinnie/supercontainers/blob/master/Dockerfile
  9. Anchore Enterprise: https://anchore.com/get-anchore/
  10. High CVE: https://security-tracker.debian.org/tracker/CVE-2017-1000408

The Author

Chris Binnie's latest book, Linux Server Security: Hack and Defend, shows how hackers launch sophisticated attacks to compromise servers, steal data, and crack complex passwords, so you can learn how to defend against such attacks. In the book, he also shows you how to make your servers invisible, perform penetration testing, and mitigate unwelcome attacks. You can find out more about DevOps, DevSecOps, Containers, and Linux security on his website: https://www.devsecops.cc.

« Previous 1 2 3 4

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy ADMIN Magazine

SINGLE ISSUES
Print Issues
Digital Issues
 
SUBSCRIPTIONS
Print Subs
Digisubs
 
TABLET & SMARTPHONE APPS
Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

comments powered by Disqus