Security is a major area of focus here at PolarSeven, we aim to enable and automate security patterns crucial to the success of applications deployment. Since Docker has matured, the need to secure Dockerized workloads has increased. Both free and commercial tools are available for helping to harden your Docker stack.
Clair is an open source project for the static analysis of vulnerabilities in application containers images. Clair performs static analysis of container images and correlates their contents with public vulnerability databases all before the containers hit the registry.
If you want to be sure that the images you are running are
– do not contain versions of software with known vulnerabilities which may put both the host and your data are at risk scan those Docker images before releasing them into your Docker registry.
I found out that Clair can run as part of the CI/CD pipeline which I was surprised about, it inspects container images after they were built and before being released into the Docker registry. The vulnerability scan can be included as part of the security tests, possibly stopping the pipeline.
Organisations running Dockerized workloads from start-ups with one or two people, to major multinational corporations and everything in between should be scanning their containers before they are released to production.