In software supply chain security, knowing your software means knowing what's in
it, for better or worse. Slim.AI has launched Container Intelligence, a free and
open service that anyone can use to quickly gain valuable insights into what's
in the most popular container images that they're baking into their software
every day.

Despite the supercharged emphasis on security in the software industry,
containers now have more vulnerabilities than ever before; moreover, a worrisome
gap exists between developers and leadership on resources needed to address the
problem. These findings are detailed in the second annual Slim.AI Public
Container Report, published today and available for complimentary download.

Slim.AI aims to help close the gaps identified in the report by making Container
Intelligence available to everyone, free. Container Intelligence scans more than
160 popular public container images making up 30% of total global pull volume
using a combination of open-source and proprietary scanning tools. Slim.AI will
quickly expand the dataset to cover the majority of public containers used by
developers today across multiple registry providers. Developers can use
Container Intelligence to make informed decisions when selecting containers or
containerized applications for use in their tech stacks.

"Democratizing information about the security posture of public containers is
critical if we want to meet the challenges of today's software supply chain,"
said John Amaral, co-founder and CEO at Slim.AI. "At Slim.AI, we believe in
sharing information we have about the security and usability of public
containers with developers so that they can make informed decisions about the
containers they work with."

Key Features of 'Container Intelligence' by Slim.AI:
- Publicly available container profile pages on the Slim.AI website - no login,
  no registration needed.
- Profiles include vulnerability counts by severity, container construction
  details, and package information, along with comparisons to similar public
  containers.
- Containers are fully searchable and categorized according to use case (for
  example, base images, CMSs or DevOps tools).
- The data is updated daily to ensure freshness.

Slim.AI will be adding more capabilities to Container Intelligence throughout
the coming year. Future enhancements will include expanding the database to
include more public registries, adding comparative analysis across images and
providing container update notifications.

Taking It to the Next Level with Slim.AI
For those who want to know even more about their containers, developers can log
in to the Slim.AI platform from the Container Intelligence page to analyze their
own private containers, get vulnerability reports from multiple scanners, and
automatically harden their container images for production.

Additionally, Slim.AI has been adding functionality for teams and is accepting a
limited number of organizations into its design partner program.