Sysdig and Docker announced the integration of Sysdig runtime
insights into Docker Scout to help developers prioritize risk and move
faster. Docker and Sysdig will help customers reduce software supply
chain noise, prioritize the insights that matter, and build leaner
container images. Sysdig is the first runtime security integration into
Docker Scout.
Attack surfaces are larger in the cloud and attackers move faster. A
lack of aggregation and correlation of data sets hidden across multiple
tools result in decisions being made without context and teams moving
too slowly. Developers need context about what is running in their cloud
environment to gain visibility and prioritize the threats that matter.
Without it, they waste time attempting to triage a mountain of
monitoring insights, or they ignore alerts that could lead to the next
breach.
The Power of Runtime Insights
By leveraging real-time insights from production - such as in-use
vulnerabilities, multidomain correlation, and in-use permissions - the
Sysdig cloud-native application protection platform (CNAPP) connects the
dots and identifies top risks across the software life cycle.
Docker Scout provides developers with actionable insights across the
software supply chain via context-aware recommendations that result in
improved application reliability and security. With this partnership,
built on a shared open source heritage and commitment to cloud-native
innovation, Sysdig and Docker add additional layers of runtime security
that bring better visibility while empowering development and security
teams to target real, imminent risk.
Benefits of Sysdig Runtime Insights Integration with Docker Scout
-
Ship more secure images: Developers can compare images during the
build phase with those running in production to easily identify risk,
eliminate unnecessary packages, and build leaner container images with a
smaller attack surface. Integration with the Docker Build and Push
GitHub Action provide insight directly within GitHub to avoid committing
risky images.
-
Avoid shift-left security gaps: Shift-left security empowers
teams to make better-informed decisions earlier in the development
process. With Docker and Sysdig, it is possible to correlate image
analysis with runtime context to generate actionable insights for
securing the software supply chain.
-
Accelerate cloud-native application delivery: Software validation
processes are faster when informed by Sysdig runtime insights. By
quickly identifying imminent risks that require immediate remediation,
developers can focus on innovation and deliver cloud-native applications
faster.
-
Reduce monitoring noise: Joint customers can reduce monitoring
noise by up to 95%, separating which vulnerabilities are in use and
which are not. This helps security teams focus on what is most important
and saves time for developers.
What People are Saying
"Organizations need to strengthen security across the entire software
life cycle. With Docker Scout, Docker is giving developers the power to
build more secure images from the start. Incorporating Sysdig runtime
insights means that users can save time by focusing on the real risks
exposed in production. Our partnership will help teams to both shift
left and shield right to protect against breaches without slowing
innovation," said Bryan Smoltz, Vice President of Technology Alliances
at Sysdig.
"Docker Scout proactively provides actionable insights across the secure
software supply chain," said Julien Faure, General Manager for Software
Supply Chain at Docker. "With the Sysdig integration, we're able to cut
through the noise using runtime context. Knowing which packages are in
use allows developers to prioritize what matters and deliver secure
software faster."