Docker And Sysdig Partner Up To Secure The Software Supply Chain
Today at DockerCon, Docker has announced the General Availability of Docker Scout. With the integration of Sysdig Runtime Insights, Docker Scout helps developers prioritize risk. This will significantly improve software supply chain security. Let's find out why.
A top priority in the effort to harden the supply chain is container security. We recently examined Wolfi, the Linux undistro, which ships container images that are already signed and configured with sensible defaults.
Docker has taken an alternative approach by introducing Docker Scout as the replacement for the legacy 'docker scan'.
With 'docker scan' you would manually vet your image for vulnerabilities; Docker Scout leaves manual and scheduled scans behind and instead embraces a modern event-driven model.
That is, if a new vulnerability affecting your images is announced, Scout shows the updated risk within seconds. It is always on alert, updating vulnerability information from 17+ sources in real time, and that data is compared against your Software Bill of Materials (SBOM) for up-to-the-minute accuracy.
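To make the difference between a scheduled scan and an event-driven model concrete, here is an added example written for this article; it is not Docker Scout's or Sysdig's code. It models the idea described above: each image's SBOM is stored once, and every advisory that arrives (new or revised) is matched against all stored SBOMs immediately, so a finding appears, or is withdrawn, without waiting for the next scan. The advisory ids, image names, package versions and the simple dotted-version comparison are all constructed for illustration; real feeds use richer version and range formats.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


def parse_version(version: str) -> tuple:
    """Turn a dotted version such as '3.0.8' into a comparable tuple (toy scheme)."""
    return tuple(int(part) for part in version.split("."))


@dataclass(frozen=True)
class Advisory:
    advisory_id: str      # placeholder id, constructed for this example
    package: str
    introduced: str       # first affected version (inclusive)
    fixed: Optional[str]  # first fixed version (exclusive); None = no fix yet
    severity: str


def affects(adv: Advisory, version: str) -> bool:
    """True when `version` falls inside the advisory's affected range."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    if adv.fixed is not None and v >= parse_version(adv.fixed):
        return False
    return True


class EventDrivenMatcher:
    """Keeps every image's SBOM and re-evaluates it on each advisory event."""

    def __init__(self) -> None:
        self.sboms: Dict[str, Dict[str, str]] = {}       # image -> {package: version}
        self.advisories: Dict[str, Advisory] = {}        # advisory id -> latest revision
        self.findings: Dict[str, Set[str]] = {}          # image -> open advisory ids

    def register_sbom(self, image: str, components: Dict[str, str]) -> None:
        """Store an image's SBOM and check it against advisories already known."""
        self.sboms[image] = dict(components)
        self.findings[image] = set()
        for adv in self.advisories.values():
            self._evaluate(image, adv)

    def publish_advisory(self, adv: Advisory) -> List[str]:
        """Handle a new or revised advisory; return the images whose status changed."""
        self.advisories[adv.advisory_id] = adv
        changed = [image for image in self.sboms if self._evaluate(image, adv)]
        return sorted(changed)

    def _evaluate(self, image: str, adv: Advisory) -> bool:
        """Add or drop the finding for (image, advisory); return True if it changed."""
        version = self.sboms[image].get(adv.package)
        hit = version is not None and affects(adv, version)
        had = adv.advisory_id in self.findings[image]
        if hit and not had:
            self.findings[image].add(adv.advisory_id)
        elif had and not hit:
            self.findings[image].discard(adv.advisory_id)
        return hit != had

    def open_findings(self, image: str) -> List[str]:
        """Sorted ids of advisories currently matching the image's SBOM."""
        return sorted(self.findings.get(image, set()))


def demo() -> Dict[str, List[str]]:
    """Constructed walk-through; every id, image name and version is made up."""
    m = EventDrivenMatcher()
    m.register_sbom("app:1.0", {"openssl": "3.0.8", "zlib": "1.2.13"})
    m.register_sbom("app:2.0", {"openssl": "3.1.2", "zlib": "1.2.13"})

    # Event 1: an advisory for openssl < 3.0.9 arrives -> only app:1.0 is hit.
    first = m.publish_advisory(
        Advisory("ADV-EXAMPLE-0001", "openssl", "3.0.0", "3.0.9", "high"))
    # Event 2: a zlib advisory with no fix yet -> both images are hit.
    second = m.publish_advisory(
        Advisory("ADV-EXAMPLE-0002", "zlib", "1.2.0", None, "medium"))
    # Event 3: the zlib advisory is revised, 1.2.13 is now the fixed release,
    # so the finding is withdrawn from both images without any rescan.
    third = m.publish_advisory(
        Advisory("ADV-EXAMPLE-0002", "zlib", "1.2.0", "1.2.13", "medium"))
    return {
        "event1": first, "event2": second, "event3": third,
        "app:1.0": m.open_findings("app:1.0"),
        "app:2.0": m.open_findings("app:2.0"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The point to take from the third event is that a revision to an existing advisory (here, a fix version becoming known) is itself an event: the matcher re-evaluates every stored SBOM against the updated advisory and drops findings that no longer apply, which is exactly what a nightly scan cannot do between runs.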