Securing containers with Anchore
Secure Containers
It Ends Here
Container images carry so many CVEs today that you simply can't risk ignoring their potential pitfalls. Anchore is quick to set up and comprehensive, and the enterprise version looks sophisticated with an easy-to-use dashboard.
To my mind, rather than just listing CVE reference numbers, Anchore cuts down on your workload most effectively by offering a link to the pertinent CVEs. For instance, the libc-bin-2.24-11+deb9u1 package reported a "high" CVE rating; by clicking on the reported URL [10], I was presented with lots of useful information relating to which culprits might make a container vulnerable.
As Figure 9 shows, a CVE can have complexities of its own, which means that offering as much information as possible is critical, so you can make informed decisions as to whether an image is safe to use inside a container.
I hope you enjoy trying Anchore; I recommend it whenever possible.
Infos
[1] CVE: https://cve.mitre.org
[2] Snyk, The State of Open Source Security Report 2019, February 26, 2019, https://snyk.io/blog/top-ten-most-popular-docker-images-each-contain-at-least-30-vulnerabilities/
[3] Anchore: https://anchore.com
[4] config.yaml: https://github.com/anchore/anchore-engine/blob/master/scripts/docker-compose/config.yaml
[5] anchore-engine: https://github.com/anchore/anchore-engine/issues/26
[6] docker-compose.yaml: https://github.com/anchore/anchore-engine/blob/master/scripts/docker-compose/docker-compose.yaml
[7] anchore-cli: https://github.com/anchore/anchore-cli
[8] My security auditing Dockerfile: https://github.com/chrisbinnie/supercontainers/blob/master/Dockerfile
[9] Anchore Enterprise: https://anchore.com/get-anchore/
[10] High CVE: https://security-tracker.debian.org/tracker/CVE-2017-1000408