Sonatype, the leader in software supply chain automation, today announced that it has incorporated Lifecycle Container Analysis (LCA) into its popular Nexus Lifecycle solution for automating the flow of components through modern software supply chains. Modern development teams can now automatically examine the quality and security of application components within containers moving through their DevOps pipeline.
While containers bring greater efficiency to application development, they are not without their weaknesses. According to the July 2016 Gartner report “How to Secure Docker Containers in Operation,” even properly configured containers cannot provide 100% isolation for applications and therefore can still be compromised. In fact, Gartner lists malicious software components as one of two main threat vectors that can compromise container security.
“Security concerns are one of the chief reasons why organizations have not swiftly moved containers into production,” said Wayne Jackson, CEO of Sonatype. “Containers are just a new type of part flowing through modern software supply chains and with LCA, Nexus Lifecycle customers can be confident that the components inside their containers are the highest quality and free from known vulnerabilities.”