Advanced Computing in the Age of AI | Tuesday, July 23, 2024

New Security, Automation Tools Emerge for Containers 

New approaches to automating the management of open source software, especially emerging Linux-based application containers, are arriving at a steady pace from key open-source players and startups formed over the last several years to make enterprise DevOps teams' task a little less onerous.

Among them are new security tools from Black Duck Software designed to scan application containers to map open source security vulnerabilities. Another emerged this week from Red Hat's (NYSE: RHT) recently acquired Ansible unit: the latest version of an open source IT automation framework focused primarily on automating hybrid cloud deployments with a particular emphasis on Microsoft Windows (NASDAQ: MSFT) as well as OpenStack.

Black Duck's release builds on a collaboration agreement with Red Hat announced last year.

Along with a new set of modules for managing OpenStack (a move that addresses complaints about the difficulty of deploying the open source cloud platform), the new batch of automation tools from Red Hat includes "substantial improvements" to a Docker container module along with a new Docker connection plugin.

Red Hat said this week that Ansible 2.0, which is available now, also includes expanded support for managing Windows and Amazon Web Services (NASDAQ: AMZN) and for configuring VMware (NYSE: VMW). Red Hat said the new release also boosts support for network automation.

Combined, the release includes more than 200 modules targeting public, private and hybrid clouds that support containers, including emerging Windows support for micro-services.

Meanwhile, Black Duck also said Tuesday (Jan. 12) it has added scanning capabilities to its Hub software, designed to help map vulnerabilities in open source code used in applications and Linux distributions, along with Docker and other Linux-based containers.

The scanner capability, deployed on a Docker host, allows DevOps teams scrambling to keep up with the rollout of micro-services like application containers to monitor the security of deployed applications. The security challenge arises from the fact that containers can come from a variety of sources that often bundle specific applications with operating system and other software files. That makes detecting open source vulnerabilities even more challenging as micro-service platforms deliver huge volumes of enterprise applications.

Black Duck, Burlington, Mass., also said its Hub platform is intended to give DevOps teams the ability to inventory open source components to ensure that only secure application containers are deployed. "Enterprise DevOps groups are eager to take advantage of the cost savings and agility that containers provide, but they have been cautious to adopt them because of security concerns," Mike Pittenger, Black Duck's vice president, noted in a statement.

Black Duck and Red Hat began collaborating last fall in an effort to develop a framework for verifying that application containers are free of known vulnerabilities and include only "certified" content.

"This is a step forward in achieving the goal we announced with Red Hat" in October 2015, Pittenger said.

Added Mike Werner, senior director of Red Hat's Global Technology Ecosystems unit: "The potential of containers is significant, but we believe it can only be fully realized in the enterprise if container security – understanding what's inside the container, and the ability to detect and address vulnerabilities – is addressed."

About the author: George Leopold

George Leopold has written about science and technology for more than 30 years, focusing on electronics and aerospace technology. He previously served as executive editor of Electronic Engineering Times. Leopold is the author of "Calculated Risk: The Supersonic Life and Times of Gus Grissom" (Purdue University Press, 2016).