Docker partners with Snyk on container image vulnerability scanning
Software container company Docker Inc. said today it’s teaming up with the British cybersecurity startup Snyk Ltd. to provide what it said is the first native vulnerability scanning service for container images.
The companies said they intend to create a more streamlined workflow that will secure the application development process for millions of developers who work with Docker containers. For the first time, developers will have continuous security integrated with their preferred container tools, ensuring greater agility and productivity when creating applications, enabling them to build containerized applications faster and with more confidence, the companies said.
The process of fixing vulnerabilities in container images has always been an extremely cumbersome one that adds several steps to the developer workflow. By partnering with Snyk, Docker said, it’s giving developers the ability to automatically find vulnerabilities in open source software libraries and container images.
It’s an important new capability for developers, as software containers are increasingly becoming the preferred environment for modern applications because they abstract away the underlying hardware. As such, developers can build container apps just once and have them run on any kind of computing platform.
The initiative is part of a new strategy outlined by Docker executives earlier this year. Following the sale of its enterprise business to Mirantis Inc. last year, the company has refocused its efforts on providing a much smoother developer experience instead. The company plans to create a fully supported DevOps toolchain for developers working with containers.
The partnership should also be good for Snyk, which has big ambitions after securing a $150 million Series D funding round in January that cemented its “tech unicorn” status with a valuation of more than $1 billion.
Justin Graham, Docker’s vice president of products, said the partnership with Snyk means developers will be able to find and fix vulnerabilities far more easily than before.
“We are giving developers and development teams the peace of mind that container images stored in their Docker Hub repositories are scanned, and vulnerabilities identified and communicated to them, while eliminating extra steps in their application development workflow,” he said.
“This partnership is making security a top priority in the container application development process and setting a new standard for early and continuous application security driven by the development team,” said Aner Mazur, chief product officer at Snyk.
Software containers are now developers’ favorite method for scaling workloads, and it’s up to companies such as Docker to make them more productive, Constellation Research Inc. analyst Holger Mueller told SiliconANGLE.
“Docker’s partnership with Snyk achieves that, so it is a key contribution to make containers more robust for enterprises and help developers build containerized apps,” Mueller said.
The companies said Snyk’s image scanning service will be made available to Docker users in the third quarter of this year.