Slim.AI unveiled new capabilities in its Continuous Software Supply Chain Security Solution to help software producers find and continuously remove vulnerabilities, harden container images and reduce container attack surface.
Leading data intelligence platform BigID, an RSA Innovation Sandbox award winner and the fastest growing security company on the 2021 Inc 5000, has begun leveraging Slim.AI's solution to minimize vulnerabilities in the containers it provides to its customers.
Helping Software Producers Protect Their Customers
As part of the new features announcement, security provider BigID joins other design partners in Slim.AI's mission to make hardening containers for production use easier for developers, and thus reduce the complexity of supply chain security and vulnerability remediation.
As a security company that puts customers first and delivers software solutions to its customers in containers, it is critical for BigID to ensure its containers are vulnerability-free, hardened for production, and transparent to end users, with information available about their security, composition and contents.
"We were thrilled with the initial results Slim.AI has provided for our application containers," said Gal Malachi, Director of Software Engineering and DevSec leader. "The concept of cutting our vulnerability findings in half with a single click is transformational. We are already seeing our container's attack surface reduced by more than 60 percent. This is particularly valuable when we implement Slim.AI's continuous and automated approach to supply chain threat reduction. It ultimately makes our job of securing our software easier and validates for our customers that BigID takes security seriously, even in our development process."
BigID is leveraging the latest tools from Slim.AI to both identify and mitigate vulnerabilities. The two new features, Automated Container Optimization and Multi-Scanner Vulnerability Reports, help BigID stay on top of the vulnerabilities uncovered by third-party vulnerability scanners and then automatically optimize its containers to make them as safe as possible by removing unused code, binaries and files before shipping them to production.
"BigID is at the forefront of innovation and best practices for securing the software they build," said John Amaral, co-founder and CEO of Slim.AI. "Gal and the security team at BigID are application security thought-leaders and experts. They are the perfect partner for Slim as we evolve our pioneering supply chain security solution."
Vulnerability Awareness and Remediation
Slim.AI is best known for its container optimization capabilities, stemming from the popularity of its long-standing open source project, DockerSlim. Slim.AI's new "Continuous Supply Chain Security Solution" adds more security features, tooling, and a better developer experience, with a focus on team and organization use cases.
"Removing unneeded libraries from containers is arduous work and takes a lot of manual effort for both developers and security teams," said Malachi of BigID. "With Slim's automated solution, we can harden our containers by keeping only what we need for our application to run."
With container optimization in place, teams and organizations producing containerized software often want to know how many vulnerabilities were removed and which remain. With its latest release, Slim.AI adds Multi-Scanner Vulnerability Reporting, which allows users of the platform to scan containers, slim them to remove unnecessary components, then scan them again to document for downstream consumers the volume of threats that have been removed.
This system provides documentation of vulnerability removal as well as helping developers focus on removing the far smaller set of threats that remain before pushing code to production. The feature also allows sharing of this information with all downstream partners to assure full transparency.
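The scan, slim, rescan workflow described above yields two scanner reports per image. The following added Python example (not Slim.AI's or BigID's code) diffs a before and after report to document what was removed, flags findings the scanner only reported after slimming (for instance because its database changed between runs), and lists the remaining findings that still block a release. The finding schema and the CVE ids in the sample reports are constructed placeholders.

```python
from collections import Counter
SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")

def finding_key(f):
    # The same CVE in two packages is two findings, so key on both.
    return (f["id"], f["package"])

def diff_findings(before, after):
    """Split findings into removed / remaining / new, keyed by (id, package);
    'new' catches findings seen only after slimming (e.g. scanner DB drift)."""
    b = {finding_key(f): f for f in before}
    a = {finding_key(f): f for f in after}
    return {
        "removed": {k: v for k, v in b.items() if k not in a},
        "remaining": {k: v for k, v in a.items() if k in b},
        "new": {k: v for k, v in a.items() if k not in b},
    }

def severity_counts(findings):
    c = Counter(f.get("severity", "UNKNOWN").upper() for f in findings.values())
    return {s: c.get(s, 0) for s in SEVERITIES}

def summarize(before, after):
    # Report for downstream consumers: how much was removed and what is left.
    d = diff_findings(before, after)
    total, removed = len(before), len(d["removed"])
    return {
        "before": total,
        "removed": removed,
        "new": len(d["new"]),
        "reduction_pct": round(100.0 * removed / total, 1) if total else 0.0,
        "left_by_severity": severity_counts({**d["remaining"], **d["new"]}),
    }

def ship_blockers(after, block_at=("CRITICAL", "HIGH")):
    # Findings still present after slimming that must be fixed before release.
    return sorted(finding_key(f) for f in after if f.get("severity", "").upper() in block_at)

# Constructed sample reports with placeholder CVE ids (not real findings).
BEFORE = [
    {"id": "CVE-0000-0001", "package": "curl", "severity": "HIGH"},
    {"id": "CVE-0000-0002", "package": "openssl", "severity": "CRITICAL"},
    {"id": "CVE-0000-0003", "package": "libc6", "severity": "MEDIUM"},
    {"id": "CVE-0000-0004", "package": "perl", "severity": "LOW"},
]
AFTER = [
    {"id": "CVE-0000-0002", "package": "openssl", "severity": "CRITICAL"},
    {"id": "CVE-0000-0003", "package": "libc6", "severity": "MEDIUM"},
    {"id": "CVE-0000-0005", "package": "libc6", "severity": "LOW"},
]
```

On the sample reports, `summarize(BEFORE, AFTER)` reports a 50 percent reduction with one newly seen finding, and `ship_blockers(AFTER)` still lists the critical openssl finding that slimming did not remove.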
"As a CTO or CISO in today's environment, you need to be taking every step you can to ship safe, secure and vulnerability free containers, continuously," said Amaral. "This applies equally to third-party, open-source and custom application containers. Removing unnecessary packages, software and files in an automated way, as part of CI/CD, is the best, fastest and easiest way to do that."