A Gold Container is the Gold Standard. Here’s How to Create One
By Gregory Dharma LePard, Sales Engineer and Solutions Architect
In software development, the goal is a Gold Container of your code. Simply explained, once the software has been created and tested, this “perfect build” is considered the gold standard. Additional changes are not allowed going forward and distributable copies are generated from this “golden image.”
DevOps pros know that striving for a Gold Container of your code is not only needed, it’s necessary in order to reduce errors, to allow for consistency in code releases, and to save time and money. But while the Gold Container is the goal, getting there is not easy. Bugs often get in the way.
Consider these figures:
- According to preliminary analysis done by the SEI’s CERT® group, approximately 90 percent of all security incidents result from attackers exploiting known software bugs.
- Infoq.com reported in December 2020 that half of 4 million public Docker Hub containers were found to have critical vulnerabilities.
- According to the US National Vulnerability Database, in 2019 there were 17,307 new Common Vulnerabilities and Exposures (CVEs).
How do you ensure that your Gold Containers are not full of exploitable CVEs? In your effort to patch these bugs, how do you avoid patching those that pose no risk? It’s simple: you need to know your attack surface and set a standard threshold certification that you will allow for all containers.
Rezilion Gives You the Golden Ticket to a Perfect Container
Rezilion provides DevOps and DevSecOps teams with turnkey tools to allow you to easily identify the actual attack surface of your code in Continuous Integration (CI), production, or both.
With our platform, teams will:
- Have the ability to identify and understand the true attack surface of your code.
- Know what is loaded into memory and what is not.
- Have the tools necessary to set a Gold Container threshold with no CVEs.
- Enjoy dynamic results: new CVEs are identified immediately.
- Understand what is high and low risk to reduce patching time by up to 70%.
Getting to Golden
If you want to make a Gold Container, what do you do? First, identify what, if any, CVEs are in the container itself:
As you can see in the container view above, you can:
- View each of your containers and identify whether they are certified or not, based on your threshold certification.
- Identify what your threshold certification is set at. For example, if it is set to CVEs scored over “9”, Rezilion scans continuously and dynamically, so you will always know whether your container has exploitable CVEs above your set threshold.
- New CVEs are flagged, so you can always be sure that the certification level set by your company is applied to all containers.
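The threshold gate described above, as an added example that is not Rezilion's code: it takes a constructed scan result for three containers, marks a container as certified only when no finding exceeds the threshold, and ranks the patch list so that packages actually loaded into memory come first. Assumptions, labelled in the code: the “9” threshold is treated as a CVSS-style base score, each finding carries a `loaded` flag standing in for the runtime “loaded into memory” observation, and every package, version and `CVE-XXXX-nnnn` identifier is constructed sample data, not a real vulnerability.

```python
"""Threshold-based Gold Container gate over a constructed scan result.

Added example, not Rezilion's own code. Assumptions:
  - the article's threshold ("CVEs over 9") is a CVSS-style base score;
  - `loaded` means the vulnerable package was observed loaded into memory
    at runtime (the article's "know what is loaded into memory");
  - all containers, packages and CVE ids below are constructed sample data.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    container: str
    package: str
    version: str
    cve: str        # placeholder identifier (constructed, not a real CVE)
    score: float    # CVSS-style base score, 0.0-10.0 (assumption)
    loaded: bool    # package observed loaded in memory at runtime


# Constructed sample scan output for three containers.
SAMPLE_FINDINGS = [
    Finding("web-frontend", "libexample", "1.2.3", "CVE-XXXX-0001", 9.8, True),
    Finding("web-frontend", "tool-unused", "0.9.0", "CVE-XXXX-0002", 9.1, False),
    Finding("web-frontend", "libother", "2.0.0", "CVE-XXXX-0003", 5.3, True),
    Finding("api-backend", "libexample", "1.2.3", "CVE-XXXX-0001", 9.8, False),
    Finding("api-backend", "libmisc", "3.1.0", "CVE-XXXX-0004", 7.5, True),
    Finding("batch-worker", "libmisc", "3.1.0", "CVE-XXXX-0004", 7.5, False),
]


def exploitable(f: Finding, threshold: float, require_loaded: bool = True) -> bool:
    """A finding breaks certification when its score exceeds the threshold and,
    if require_loaded is set, the vulnerable package is actually loaded at runtime."""
    if f.score <= threshold:
        return False
    return f.loaded or not require_loaded


def certify(findings, threshold: float = 9.0, require_loaded: bool = True) -> dict:
    """Return {container: True/False}; True means Gold (no exploitable CVE above threshold)."""
    status = {}
    for f in findings:
        status.setdefault(f.container, True)
        if exploitable(f, threshold, require_loaded):
            status[f.container] = False
    return status


def newly_failing(previous: dict, current: dict) -> list:
    """Containers that were certified before and are not now, e.g. because a
    newly published CVE was added to the scan result."""
    return sorted(c for c, ok in current.items() if not ok and previous.get(c, True))


def patch_order(findings) -> list:
    """Prioritized patch list: packages loaded in memory first, then by descending score."""
    ranked = sorted(findings, key=lambda f: (not f.loaded, -f.score))
    return [(f.container, f.package, f.cve, f.score, f.loaded) for f in ranked]


if __name__ == "__main__":
    before = certify(SAMPLE_FINDINGS)
    print("certified:", before)
    # Simulate a newly published (constructed) CVE hitting a loaded package.
    new = SAMPLE_FINDINGS + [Finding("batch-worker", "libmisc", "3.1.0", "CVE-XXXX-0005", 9.4, True)]
    after = certify(new)
    print("newly failing:", newly_failing(before, after))
    for row in patch_order(new):
        print("patch:", row)
```

With `require_loaded=True` the `api-backend` container stays certified even though it ships a 9.8-scored package, because that package is never loaded; switching `require_loaded` to `False` gives the plain scanner behaviour that flags it anyway. That switch is the difference between patching by attack surface and patching every reported CVE.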
The above container showcases how you can quickly see all vulnerable packages in prioritized order. This enables you to know where you need to focus your patching to ensure that each container is a Gold Container certified based on the threshold requirements you set. Additionally, Rezilion makes it easy to find your containers to see if they are certified. You can use tagging to allow for more granular searches:
A simple drop-down list, as shown above, allows for quick and easy searches of all the containers in your environment, gives you accurate results, and confirms that every container you have is at or above the threshold certification you set.
Rezilion makes your Gold Containers more secure than ever before. The best part? It’s all automated, and the information comes to you via a dashboard. You will know exactly where patching needs to be done, and you can continue to meet the standards you set.
Contact us today to set up a demo and answer any questions you may have.