Tripwire for DevOps offers security configuration assessment of containers

Tripwire unveiled that Tripwire for DevOps now offers security configuration assessment. Made generally available earlier this year as a software-as-a-service (SaaS) solution, Tripwire for DevOps now gives a view of security and compliance risk within DevOps application infrastructure by adding configuration assessment capabilities to the existing vulnerability management capabilities.

“The fundamentals of vulnerability and configuration management should be applied to DevOps application infrastructure just as they should be implemented in the rest of the organization,” said Tim Erlin, vice president of product management and strategy. “Organizations can now use our DevOps SaaS solution to embed secure configuration management, in addition to vulnerability management, directly into the DevOps workflow.”

Tripwire for DevOps automates the assessment of container images in the continuous integration/continuous deployment (CI/CD) pipeline and can test live instances of application containers in a cloud-based sandbox. It can be used to establish gates at each stage to ensure defined security standards are met. It can also be used to monitor and assess repositories, providing visibility of potential risk without interfering with the roll-out process.

Tripwire for DevOps was launched earlier this year as a self-contained SaaS solution for ease of deployment and continuous roll-out of new capabilities and integrations. Integrations and compatibility currently include:

  • Popular DevOps CI/CD build tools Jenkins and TeamCity,
  • Compatibility with all Docker v2 repositories for container assessment,
  • A complete REST API and command line interface for DevOps engineers to write custom integrations.