Tripwire, a leading global provider of security and compliance solutions for enterprises and industrial organizations, announced at RSA Conference expanded coverage and support for DevOps environments.
The new vulnerability scanning and compliance functionality of Tripwire for DevOps includes additional container registries and Amazon Machine Image (AMI) types, and supports more of the tools and processes used by organizations to integrate security into DevOps.
Tripwire for DevOps is a software-as-a-service (SaaS) solution that provides configuration assessment and vulnerability management in containers across the DevOps life cycle. By fully automating the assessment of container images in the continuous integration/continuous deployment (CI/CD) pipeline and dynamically testing live instances of application containers in an isolated, cloud-based sandbox, Tripwire for DevOps can establish quality gates at each stage that ensure defined security standards are met. It can also be used to simply monitor and assess repositories, providing visibility into potential risks and without interference to the process.
Tripwire for DevOps has expanded its support to include:
- Google Container Registry
- Quay.io remote registry
- Docker Registry HTTP API V2
- Amazon Elastic Container Registry (ECR)
- Windows and Linux AMIs.
“DevOps environments can look dissimilar from one organization to another, and – depending on organizational requirements or use cases – preferred container registries, tools and workflows can all be different,” said Tim Erlin, vice president of product management and strategy at Tripwire.
“We’ve expanded our DevOps security solutions to work with numerous environments in order to help more organizations embed security into their DevOps practices. By building consistent security practices between DevOps environments and the rest of the organization, Tripwire helps incorporate security consistently across the DevOps life cycle – from build to pre-deployment to production.”
Tripwire solutions extend beyond development stages, offering organizations the ability to assess online, offline, running and non-running containers for vulnerabilities in an effort to drive consistency in security practices across environments.