The latest Docker Build show features new Snyk & Docker workshop
2020 was a busy year for Docker and Snyk! In the same year, we announced (and released) Snyk-powered vulnerability scanning within Docker Desktop and Docker Hub. We expect 2021 to be bigger as we grow these products and release Snyk-secured Docker Official Images.
Snyk and Docker’s goal for our partnership is to help developers more easily build secure containers. By creating awareness around the risks they bundle into container images via their choice of base image and open source components, we are helping them do just that. Packaging the Snyk CLI within Docker Desktop was the first milestone for our partnership. Now developers using Docker to build their containers can scan for risks introduced by their base image and application as easily as “docker scan.” We outline how this fits within other container security best practices for developers in our Guide to Container Security for Development Teams, which we co-wrote with Docker.
Part of building securely involves organizational consensus about acceptable levels of risk. Application security scales best when not only developers but also operations and security teams are aware of, and understand, the risks in their code. Integrating Snyk in Docker Hub is our way of giving security and operations teams a high-level overview of what’s in the container images their developers deliver.
For more information on those risks, Docker Hub directs them to Snyk, where they can not only see how developers are managing those risks, but also participate in the remediation process through policies that help them prioritize what they fix.
How to establish a security culture
We empower organizations with a platform to help developers find and fix issues faster, while providing operations and security with the visibility they need. As a result, we help organizations establish a security culture built on trust and awareness.
Last week I joined Docker Evangelist Peter McKee on Docker Build: Build Secure Containers with Docker and Snyk to share our message. We showed how Docker and Snyk, together, keep application delivery pipelines flowing and production workloads secure. In case you missed it, we published the demo as a hands-on Lab in the Snyk Academy titled “Build Secure Containers with Docker and Snyk,” which you can follow with a sample application or with your own code.
To wrap things up, last year was a busy one for Docker and Snyk, but it was just the beginning. We look forward to continuing to work with Docker and deepening our integrations in 2021.