With this partnership, the Sysdig Secure DevOps Platform extends its image scanning capabilities to provide richer findings around vulnerabilities in third-party libraries and dependencies.
Combined with the wide range of vulnerability databases the Sysdig platform checks against, the comprehensive data from VulnDB enables organizations to more effectively identify, track, and reduce security risk. To support this activity, Sysdig added a new VulnDB view to the Sysdig dashboards.
Sysdig also announced how JW Player is using Sysdig to securely deliver video to more than 1 billion users.
There is an inherent security risk as organizations assemble code to save time, instead of writing from scratch. The 2020 Container Security Snapshot highlights that 53 percent of non-OS packages have “high” or “critical” level vulnerabilities.
Although teams may be scanning for OS packages, many developers are unaware of risk being introduced into their applications via third-party packages, dependencies, and misconfigurations.
Reduce security risk and speed the fix
Image scanning is critical to the ‘shift-left’ approach for security and should be integrated into the build process to validate images added to the container registry, and during runtime to ensure new vulnerabilities, secrets, and license violations are not introduced during production.
Image scanning is one of 10 workflows that span security, compliance, and monitoring that Sysdig provides to help organizations manage security risk and maximize availability. As Sysdig scans images, VulnDB provides Sysdig customers with increased vulnerability coverage and further strengthens reporting on vulnerabilities.
VulnDB provides more than 76,000 additional vulnerabilities not found in the publicly available Common Vulnerabilities and Exposures (CVE) database and provides the most comprehensive vulnerability database. The new VulnDB view in the Sysdig dashboards helps organizations to quickly identify vulnerabilities, recommend a fix, and speed remediation.
For each vulnerability detected, developers can immediately see every package affected, along with the version impacted and the Common Vulnerability Scoring System (CVSS) score. The VulnDB and vendor scores help teams focus on high-risk issues and understand who is responsible for the fix.
“There are vulnerabilities in virtually every application,” said Jake Kouns, chief executive officer at Risk Based Security.
“The key is having a security partner that alerts you to the ones that need your attention. By including better data from VulnDB in their powerful container and Kubernetes security and monitoring platform, Sysdig has given its customers access to the best vulnerability intelligence on the market.”
“As organizations move to the cloud, they often rely too heavily on default vulnerability data, which isn’t enough for most organizations,” said Omer Azaria, vice president of engineering at Sysdig.
“Partnering with VulnDB adds a valuable intelligence feed, enabling us to give Sysdig customers the most comprehensive aggregation of vulnerabilities and visibility to their risks. Addressing issues during the build process is fundamental to accelerating application delivery while managing risk.”