Menú

La información en esta página no se encuentra completamente disponible en tu idioma de preferencia. Muy pronto esperamos tenerla completamente disponible en otros idiomas. Para obtener información en tu idioma de preferencia, por favor descarga el PDF aquí.

Técnicas

Análisis de seguridad en contenedores

Nov 2019
Adoptar?

La adopción continua de contenedores para los despliegues, en particular Docker, ha tornado el análisis de seguridad de los contenedores en una técnica necesaria, y hemos movido esta técnica a “Adoptar” para reflejar este hecho. En particular, los contenedores introdujeron una nueva vía para los problemas de seguridad; es vital que se utilicen herramientas para analizar y revisar los contenedores durante el despliegue. Preferimos utilizar herramientas de análisis automático que corran como parte del pipeline de despliegue.

Apr 2019
Probar?

The container revolution around Docker has massively reduced the friction in moving applications between environments, fueling increased adoption of continuous delivery and continuous deployments. The latter, especially, has blown a rather large hole in the traditional controls over what can go to production. The technique of container security scanning is a necessary response to this threat vector. Tools in the build pipeline automatically check containers flowing through the pipeline against known vulnerabilities. Since our first mention of this technique, the tool landscape has matured and the technique has proven useful on development efforts with our clients.

Mar 2017
Evaluar?

The container revolution instigated by Docker has massively reduced the friction in moving applications between environments but at the same time has blown a rather large hole in the traditional controls over what can go to production. The technique of container security scanning is a necessary response to this threat vector. Docker now provides its own security scanning tools, as does CoreOS, and we've also had success with the CIS Security Benchmarks. Whichever approach you take, we believe the topic of automated container security validation is of high value and a necessary part of PaaS thinking.

Nov 2016
Evaluar?

The container revolution instigated by Docker has massively reduced the friction in moving applications between environments but at the same time has blown a rather large hole in the traditional controls over what can go to production. The technique of container security scanning is a necessary response to this threat vector. Docker now provides its own security scanning tools, as does CoreOS, and we’ve also had success with the CIS Security Benchmarks. Whichever approach you take, we believe the topic of automated container security validation is of high value and a necessary part of PaaS thinking.