Veracode expanded its Continuous Software Security Platform with container security functionality. The application security vendor wants to ensure that containers are secured at an early stage.

Veracode develops software for application security testing. According to the organization, containers often face the same security issues as physical and virtualized server hardware, including poorly managed logins and misconfigured security settings.

Veracode finds that container security solutions often operate at runtime. These solutions apply security measures after the development process and thus detect errors that could have been prevented at an earlier stage.

The new Veracode Container Security solution for the Continuous Software Security Platform addresses both issues. The solution integrates directly into CI/CD pipelines, allowing developers to resolve vulnerabilities before containers move to production.

Features

The solution can be operated through a command line interface and provides vulnerability detection, vulnerability resolution and management tools for logins and security configurations in most popular operating systems.

The tool also gives developers early advice on security actions in the container development process. In doing so, the tool ensures that containers are secured before moving to production.

Different formats

The tool's results are available in various formats, including JavaScript Object Notation (JSON) and Software Bill of Materials (SBOM) formats such as CycloneDX, Software Identification Tagging (SWID) or Software Package Data Exchange (SPDX).

The data can be easily integrated with other tools for troubleshooting issues early in the development lifecycle.
