As Vulnerabilities Soar, Slim.AI Launches 'Container Intelligence' to Give In-Depth Analysis on Hundreds of Popular Container Images
Free service provides insights developers need to systematically identify and reduce container vulnerabilities.
October 25, 2022
PRESS RELEASE
DETROIT, Oct. 25, 2022 /PRNewswire-PRWeb/ — KUBECON + CLOUDNATIVECON NORTH AMERICA — In software supply chain security, knowing your software means knowing what's in it--for better or worse. Slim.AI, the Boston-based startup focused on optimizing and securing cloud-native applications, has today launched Container Intelligence, a free and open service that anyone can use to quickly gain
valuable insights into what's in the most popular container images that they're baking into their software every day.
Despite the supercharged emphasis on security in the software industry, containers now have more vulnerabilities than ever before; moreover, a worrisome gap exists between developers and leadership on resources needed to address the problem. These findings are detailed in the second annual Slim.AI Public Container Report, published today and available for complimentary download.
Slim.AI aims to help close the gaps identified in the report by making Container Intelligence available to everyone, free. Container Intelligence scans more than 160 popular public container images making up 30% of total global pull volume using a combination of open-source and proprietary scanning tools. Slim.AI will quickly expand the dataset to cover the majority of public containers used by developers today across multiple registry providers. Developers can use Container Intelligence to make informed decisions when selecting containers or containerized applications for use in their tech stacks.
"Democratizing information about the security posture of public containers is critical if we want to meet the challenges of today's software supply chain," said John Amaral, co-founder and CEO at Slim.AI. "At Slim.AI, we believe in sharing information we have about the security and usability of public containers with developers so that they can make informed decisions about the containers they work with."
Key features of 'Container Intelligence' by Slim.AI:
Publicly available container profile pages on the Slim.AI website -- no login, no registration needed.
Profiles include vulnerability counts by severity, container construction details, and package information, along with comparisons to
similar public containers.Containers are fully searchable and categorized according to use case (for example, base images, CMSs or DevOps tools).
The data is updated daily to ensure freshness.
Slim.AI will be adding more capabilities to Container Intelligence throughout the coming year. Future enhancements will include expanding the database to include more public registries, adding comparative analysis across images and providing container update notifications.
Taking It to the Next Level with Slim.AI
For those who want to know even more about their containers, developers can log in to the Slim.AI platform from the Container Intelligence page to analyze their own private containers, get vulnerability reports from multiple scanners, and automatically harden their container images for production.
Additionally, Slim.AI has been adding functionality for teams and is accepting a limited number of organizations into its design partner program. For more information, contact [email protected].
Learn More About Container Security at KubeCon/CloudNativeCon
For those interested in hearing more, Ayse Kaya, Slim.AI's senior director of strategy and insights, will present a keynote at KubeCon NA based on this dataset on Wednesday, October 26 at 10:05 a.m. EDT. Her presentation, "What We Learned Dissecting the World's Most Popular Containers," demonstrates the current paradox in software supply chain practices, especially the trade-offs teams make between "developer experience" and "production readiness."
Kaya's insights are based on a Dimensional Research survey of 300 software developers and DevOps engineers globally as well as an analysis of the most popular public container images used by developers today. This work forms the basis of the second annual Slim.AI Public Container Report.
"Perhaps the most stunning finding at a macro level is that after a year of intense focus on security, the cloud-native ecosystem is no safer today than it was this time last year," said Kaya. "The silver lining, however, is that awareness is increasing. The complexity of the problem is not our enemy; ignorance of the problem is. And our industry is taking strides to come together and make applications more secure."
Watch Kaya's keynote at KubeCon to learn more about her findings, which include:
Of the top public containers Slim.AI observed over the past year, 60% actually contain more vulnerabilities today than they did one year ago. Most notably, high-severity vulnerabilities increased by 50%, followed by a 10% increase in critical vulnerabilities. The average public container has 287 vulnerabilities, 30% of which belong to a high/critical category (up from 20% last year).
A discrepancy between executives and developers on both the capabilities required for supply chain security and the organization's preparedness. According to the survey, executives believe that more container security practices are happening in their organizations (49%) than frontline developers (34%).
Developers are getting squeezed from both sides -- shifts to the left mean removing vulnerabilities from containers is a developer problem, with more and more customers demanding often unrealistic "zero vulnerabilities" in delivered software. Among developers, 88% said it is challenging to ensure containerized apps are free from vulnerabilities, complexity being the #1 contributing factor. Seventy percent stated their customers demand that their containers have zero vulnerabilities.
Visit Slim.AI at Booth SU64 to learn more from Slim.AI representatives.
About Slim.AI
Slim.AI helps developers create, build, deploy and run their cloud-native applications more efficiently and securely. The unique approach used by Slim.AI moves the focus on container optimization upstream in the DevOps lifecycle, giving developers the tools they need to author, manage and ship production-ready containers efficiently and effectively. More information at https://slim.ai and @SlimDevOps.
You May Also Like