Snyk Blog

Protect container images directly from your registries

Written by:
Liron Lifshitz-Yadin

April 30, 2019

0 mins read

We’re happy to share that we are continuing to extend our Container Vulnerability Management offering, now providing integration with your container image registries as well.

Test, monitor and fix vulnerable images

With Snyk’s new container registry integrations, you can scan your container images for vulnerabilities directly from within your registries. You can also monitor the registry images for any newly disclosed vulnerabilities.

Snyk offers remediation advice when vulnerabilities are found. When you include your Dockerfile for testing, Snyk also offers actionable base image remediation advice.

Docker Hub marks the first container registry with which we can integrate; we’ll soon offer additional integrations, including Azure Container Registry (ACR), Amazon Elastic Container Registry (ECR), Google Container Registry (GCR) and Jfrog Artifactory.

Empowering developers

With the addition of registry integrations, we continue to help developers to implement container security seamlessly. Developers can test and easily monitor their registry images for any newly discovered vulnerabilities, and they can choose the way they wish to be alerted accordingly.

Getting started with Docker Hub integration

A new Docker Hub integration option is now available from the snyk.io Integrations page, as in the following image:

wordpress-sync/Screen-Shot-2019-04-28-at-7.14.54

Once you set the integration, you can select and import your images as new projects in Snyk.

The following image shows the Docker Hub repository and tag list:

wordpress-sync/Screen-Shot-2019-04-28-at-7.18.20

Once imported, projects are grouped according to your Docker Hub repositories, and you can use the new dedicated filter to view only your Docker Hub projects. Snyk monitors these images, testing periodically according to your alert settings.

wordpress-sync/Screen-Shot-2019-04-29-at-6.20.00

Get optimal base image remediation advice when you add your Dockerfile

For enhanced remediation advice, you can link to the Dockerfile of the image located in the Git repositories. From the Projects list, click the settings cog for the project you’d like to test to link it with the relevant Git repo and Dockerfile, as in the following example:

wordpress-sync/Screen-Shot-2019-04-25-at-11.00.34

Once added, Snyk offers the remediation advice that is optimal for upgrading your base image to a more secure version; alternatively, Snyk recommends a rebuild when the base image you’re using is outdated.

Once added, Snyk advice can include:

  • Minor upgrades—the safest and best minor upgrade available

  • Major upgrades—an option for a major upgrade which will reduce more vulnerabilities but with greater risk

  • Alternative upgrades—viable alternative image options for replacing your current base image with other, different base images that provide the least amount of vulnerabilities possible.

  • If your base image is outdated, Snyk also recommends rebuilding your image.

Following is an example of such recommendations:

wordpress-sync/Screen-Shot-2019-04-27-at-21.51.02

For more information about our Container Vulnerability Management solution, read our new documentation.

Stay tuned for more announcements coming soon!

Developer-first container security

Snyk finds and automatically fixes vulnerabilities in container images and Kubernetes workloads.

Book a live demoStart free

Posted in:Container Security

How to Build a Security Champions Program

Snyk interviewed 20+ security leaders who have successfully and unsuccessfully built security champions programs. Check out this playbook to learn how to run an effective developer-focused security champions program.

See the playbook
Patch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo SegmentPatch Logo Segment

Snyk is a developer security platform. Integrating directly into development tools, workflows, and automation pipelines, Snyk makes it easy for teams to find, prioritize, and fix security vulnerabilities in code, dependencies, containers, and infrastructure as code. Supported by industry-leading application and security intelligence, Snyk puts security expertise in any developer’s toolkit.

Start freeBook a live demo

Product

What is Snyk?Snyk Code (SAST)Snyk Open Source (SCA)Snyk ContainerSnyk Infrastructure as CodeSnyk AppRisk (ASPM)Developer Security PlatformApplication securitySoftware supply chain securitySecure AI-generated code DeepCode AIPricingDeployment optionsIntegrationsIDE pluginsGit SecurityCI/CD pipelines securitySnyk CLISnyk LearnSnyk for JavaScript

Resources

DocumentationSnyk API DocsAPI statusDisclosed vulnerabilitiesSupport portal & FAQ’sBlogSecurity fundamentalsResources for security leadersResources for ethical hackersVulnerability DatabaseSnyk OSS AdvisorSnyk Top 10VideosCustomer resources

Company

AboutCustomersCareersEventsSnyk for governmentPress kitSecurity & trustLegal termsPrivacyFor California residents: Do not sell my personal informationWebsite Terms of Use

Connect

Book a live demoContact usSupportReport a new vuln

Security

Application SecurityContainer SecuritySupply Chain SecurityJavaScript SecurityOpen Source SecurityAWS SecuritySecure SDLCSecurity postureSecure codingEthical HackingAI in cybersecurityCode CheckerPythonEnterprise CybersecurityJavaScriptSnyk With GitHubSnyk vs VeracodeSnyk vs Checkmarx

© 2024 Snyk Limited
Registered in England and Wales

logo-devseccon