WhiteSource, the leader in open source security and license compliance management, announced support for GitHub Packages and with it the ability to automate container security.
GitHub customers who publish Docker images and packages to GitHub Packages can now automatically detect open source components with known vulnerabilities with WhiteSource’s new GitHub Security Action.
The new workflow enables GitHub customers to get security alerts on Docker images and packages within their GitHub UI, so developers can be notified on vulnerabilities in their applications earlier in the process when it is easier and quicker to fix.
“Automating Docker image and package vulnerability identification and remediation through GitHub Action and Packages will help developers and enterprises reduce time and resources spent securing their code” said Jeremy Epling, Senior Director of Product Management at GitHub.
“We are happy to see WhiteSource deliver this solution through the GitHub Marketplace.”
“GitHub customers can now integrate the scanning of Docker images into their CI/CD pipeline, automating the security of these images and their associated deployed containers,” said David Habusha, VP Product of WhiteSource.
“Once scanned, the results of the scan can then be managed with WhiteSource’s various industry-leading reporting, policy, and notification options.”