Snyk at DockerCon 2021: Security sessions with Red Ventures, theCUBE, and more

Thursday, May 27 is DockerCon 2021, where developers can learn more about building, securing, sharing, and deploying containerized applications with Docker. The free virtual event will include a number of expert talks to help developer teams make the most of the Docker platform to build innovative applications faster than ever.

As a Platinum sponsor and Docker’s key security partner, Snyk will be highlighting ways developers can streamline security as part of their development workflow, with Snyk vulnerability scanning natively embedded into Docker products. Here’s an overview of our partnership with Docker, what’s new with the integration, and what you can look forward to at DockerCon 2021. Additionally, Snyk will be releasing new functionality soon to help scale container security and improve remediation.

Snyk’s partnership with Docker

As Docker has grown in popularity, so too has the number of vulnerabilities in commonly used container images. That’s why Snyk’s partnership with Docker is aimed at integrating container scanning seamlessly into existing developer workflows. This ensures that development teams are detecting and remediating security issues as early as possible without slowing down development.

Embedding Snyk into the main Docker development tools — from Docker Desktop to Docker Hub and the CLI — enables developers to quickly remediate container vulnerabilities so they can more confidently deploy their Docker images. Docker security scanning is important because it is the primary way to find and fix vulnerabilities in container images before pushing the image to Docker Hub or other registries being used. Furthermore, this can dramatically improve the security posture of an organization without impacting developer productivity. In fact, shifting security left and finding vulnerabilities early in the development process can reduce costs by up to 5x at many organizations.

New image scanning features to look out for

Docker and Snyk first integrated with Docker Desktop, which is great for Windows and macOS users, but the number of Docker engines running on Linux is huge. So for that user base, Docker and Snyk have now added the docker scan functionality to the Docker engine for Linux, which is in preview. If you prefer Linux for your development environment or if you use Docker extensively in your CI pipelines, you can use this feature to build image scanning directly into your workflows. This feature works the same as the Docker Desktop integration, so developers can use flags to include Dockerfiles during scanning, display any packages impacted by vulnerabilities, specify a threshold severity level for alerting (or breaking builds, if you’re using this in pipelines), and more.

If you’ve signed up for your free Snyk account, there are new features available now that add even more container security capabilities. For example, developers can now scan their Dockerfiles directly from Git repos to get immediate base image recommendations before building images. These fixes can be made by using Snyk’s Fix PR feature, allowing PRs to be opened automatically, if you choose. 

Coming soon, you’ll be able to use Snyk to support even more container use cases where a Dockerfile may not be available. Maybe you’ve grabbed a shared image, but don’t know where the Dockerfile is stored. Or maybe you use tools like Jib or Cloud Native Buildpacks, which don’t use Dockerfiles at all. Today, Snyk and Docker can scan these images and tell you about the vulnerabilities, but you won’t get base image upgrade recommendations. The coming update improves Snyk’s base image recommendation engine to support all these use cases and more. This feature is in private beta now and will be available soon.

Learn more about the Snyk integration with Docker.

What to expect at DockerCon 2021

As a Platinum sponsor at DockerCon 2021, Snyk will be participating in several talks and interviews. Here’s what you can expect:

  • A live panel on security at 2:45 p.m. ET including Liran Tal, Developer Advocate at Snyk. Other panelists include Justin Cormack, Docker’s CTO, and guests from ControlPlane and Isovalent.
  • A talk by Red Ventures at 4:00 p.m. ET about how the company uses Snyk Container scanning to secure thousands of Docker images automatically. 
  • A container security presentation at 4:00 p.m. ET by Matt Jarvis, Senior Developer Advocate at Snyk, about how to prioritize and remediate vulnerabilities detected within your container images.

Want to learn more about container scanning with Snyk? Stop by our virtual booth at DockerCon 2021 this Thursday to jumpstart your container security efforts.