Virtualization Technology News and Information
Black Duck Launches OpsSight: Comprehensive, Automated Open Source Container Security for Production Environments

Black Duck, the global leader in automated solutions for securing and managing open source software, today launched a new product - OpsSight - that provides automatic open source vulnerability detection for containers.

OpsSight, Black Duck's first product specifically targeting the production phase of the software development life cycle, was unveiled by CEO Lou Shipley at the company's annual user conference - Flight2017 - being held Nov. 7-9 at the Seaport World Trade Center.

On Nov. 2, Black Duck and Synopsys, Inc. signed a definitive agreement for Synopsys to acquire Black Duck for $565 million. Officials from both companies have said they expect the deal to close next month.

Speaking at Flight2017 today, Shipley said, "Container technology is revolutionizing the way organizations package, deploy, and manage applications. Increasingly IT operations teams depend on container orchestration platforms to manage large scale container deployments. However, as the number of containers grows, so does the complexity of validating the contents and securing container images in production.

"OpsSight allows operations team to be sure deployments are free from known open source security vulnerabilities because it provides full visibility into and control over the open source in the container images," he said.

Black Duck said that OpsSight will be optimized to work in a variety of container orchestration platforms and the version released today has been optimized for Red Hat's OpenShift, the industry's most secure and comprehensive enterprise-grade container platform based on industry standards, Docker and Kubernetes.

"As organizations undergo digital transformation, they are increasingly turning to container technologies to help deploy flexible, cloud-native applications," said Julio Tapia, director, OpenShift ecosystem, Red Hat. "The only container application based on the world's leading enterprise Linux platform, Red Hat OpenShift Container Platform offers an enterprise-grade Kubernetes foundation to build and deploy these applications at scale. The addition of Black Duck OpsSight helps to provide a scalable container security scanning solution to the enterprise container stack, enabling organizations to accelerate along the path to innovation."

In his opening-day talk to customers from around the world Shipley detailed the value OpsSight delivers:

  • Automated scanning and inventorying of all open source in container images as they are instantiated or updated
  • Identifying and highlight any images that contain known security vulnerabilities
  • Flagging containers that violate open source security policies to prevent them from being deployed to production
  • Automated alerts when any newly discovered vulnerabilities may affect containers in your registry.

Shipley said OpsSight's development was driven by customers' questions and their expressed needs for a production-centered security and management product such as OpsSight.

Published Wednesday, November 08, 2017 5:11 PM by David Marshall
Filed under: ,
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<November 2017>