Docker containers are the new way developers package applications. Their key advantage is that a container bundles the code, runtime, system libraries, and all the settings the application needs in order to run. Because they are easy to build and deploy, more and more applications are being run in containers in production.
With so many moving parts, it is imperative that we are able to continuously scan Docker containers for security issues. In this chapter, we will look at various ways of doing just that. Starting with the familiar CIS benchmark scripts, invoked using Ansible, we will move on to clair-scanner, a tool that scans images for known vulnerabilities and, if you need it to, integrates well with your existing CI/CD workflow.
In detail, we will explore the following topics in this chapter:
- Understanding continuous security concepts
- Automating vulnerability assessments of Docker...