secure containerized applications

Snyk and Docker partner to secure containerized applications

Jim Armstrong
May 19, 2020 | in Container Security, Partners
| By Jim Armstrong

We are excited to announce our latest partnership, this time with the biggest name in the container industry—Docker. For the first time, Docker, the favorite container development tool for millions of developers, will provide native vulnerability detection and fixes, powered by Snyk. Together, Snyk and Docker will help developers securely build and use containers and open source. Development teams can create and ship their container-based applications with confidence, without requiring an advanced background in security and operating system administration. 

Security will be part of the Docker development workflow

According to Snyk’s State of Open Source Security report, 54% of developers currently do not test their container images during development, and yet there was a 4x increase in reported operating system vulnerabilities, in 2018. But if you’re a developer, you’ve likely run `docker build`, `docker run`, and `docker push` commands. Now imagine running a `docker scan` and, within a few seconds, you get a report of all your container image vulnerabilities. What’s more, because the scans are powered by Snyk you get guidance geared to helping developers fix the reported issues.

Simplified workflows designed for developer-first security

If you’ve ever read a CVE report for a vulnerability, you know it tells you which files are affected by a certain vulnerability. But in the context of container building, developers’ responsibility mainly lies in picking the appropriate base image and adding it in their tools, rather than handpicking or recompiling vulnerable dependencies. Put these two together, and the typical laundry list of container vulnerabilities is of little use and very far from being actionable

Snyk provides fix guidance targeted at developers using containers. For issues introduced by your base images, Snyk helps you select Docker Official images from the same family with fewer vulnerabilities, and alerts you when Docker pushes updates to the base image you’re currently using, as shown in the example below for the `node:10.4.0` base image.

For issues in user layers, Snyk directs you to the line in your Dockerfile that introduces a particular vulnerability. Snyk’s ability to show the Dockerfile detail along with full dependency tree information makes it simple to figure out how to fix the problem.

Snyk and Docker increase developer efficiency to secure containerized applications

Finding out that your application or containers have serious vulnerabilities is never pleasant, particularly when it comes late in the deployment cycle and blocks apps from reaching production. Even worse is getting a long list of vulnerabilities written for hardcore security practitioners with fixes that assume you’re a sysadmin maintaining operating systems in a virtual machine.

In the same way that Docker made containers easy to use for developers, Snyk helps developers use containers and open source and stay secure. Only when security is embedded into developers’ workflow is it possible to scale security while increasing the pace of application delivery. With the integration of Snyk’s developer-focused image scanning technology and vulnerability database into Docker, developers get continuous security at the desktop level and throughout the inner and outer loop development process. 

Snyk is coming soon to a Docker near you

The Snyk and Docker partnership marks the first security integration for Docker, with Snyk as the exclusive provider of native vulnerability scanning to Docker services used by millions of developers who gain continuous security integrated into their inner-loop development process. 

We’re excited about the work both teams are doing to deliver the industry’s first combined container development and application security tools. Snyk is also proud to be a Platinum sponsor of DockerCon, kicking off May 28 at 9:00 am PT / 12:00 pm ET / 4:00 pm GMT. Snyk CEO, Peter McKay, will be joining Docker CEO Scott Johnston on theCube at 5:30 ET / 2:30 PT to talk about the partnership. For Docker’s perspective on the new partnership, check out Docker’s blog post and the joint Docker/Snyk press release

Two other snykers will also be presenting sessions at DockerCon. Sign up for DockerCon to attend the sessions below:

Stay secure!