Every container image protected by Sysdig is tested against VulnDB, the largest database of vulnerability data; remediation steps simplify time-to-resolve vulnerabilitiesSAN FRANCISCO – September 2, 2020 — Sysdig, Inc., the secure DevOps leader, today announced the addition of VulnDB as a third-party vulnerability source. VulnDB, from Risk Based Security, is a comprehensive, timely, and actionable source of vulnerability intelligence. With this partnership, the Sysdig Secure DevOps Platform extends its image scanning capabilities to provide richer findings around vulnerabilities in third-party libraries and dependencies. Combined with the wide range of vulnerability databases the Sysdig platform checks against, the comprehensive data from VulnDB enables organizations to more effectively identify, track, and reduce security risk. To support this activity, Sysdig added a new VulnDB view to the Sysdig dashboards.
Today, Sysdig also announced how JW Player is using Sysdig to securely deliver video to more than 1 billion users.
There is an inherent security risk as organizations assemble code to save time, instead of writing from scratch. The 2020 Container Security Snapshot highlights that 53 percent of non-OS packages have “high” or “critical” level vulnerabilities. Although teams may be scanning for OS packages, many developers are unaware of risk being introduced into their applications via third-party packages, dependencies, and misconfigurations.
Reduce security risk and speed the fix
Image scanning is critical to the ‘shift-left’ approach for security and should be integrated into the build process to validate images added to the container registry, and during runtime to ensure new vulnerabilities, secrets, and license violations are not introduced during production. Image scanning is one of 10 workflows that span security, compliance, and monitoring that Sysdig provides to help organizations manage security risk and maximize availability. As Sysdig scans images, VulnDB provides Sysdig customers with increased vulnerability coverage and further strengthens reporting on vulnerabilities.
VulnDB provides more than 76,000 additional vulnerabilities not found in the publicly available Common Vulnerabilities and Exposures (CVE) database and provides the most comprehensive vulnerability database. The new VulnDB view in the Sysdig dashboards helps organizations to quickly identify vulnerabilities, recommend a fix, and speed remediation. For each vulnerability detected, developers can immediately see every package affected, along with the version impacted and the Common Vulnerability Scoring System (CVSS) score. The VulnDB and vendor scores help teams focus on high-risk issues and understand who is responsible for the fix.
“There are vulnerabilities in virtually every application,” said Jake Kouns, chief executive officer at Risk Based Security. “The key is having a security partner that alerts you to the ones that need your attention. By including better data from VulnDB in their powerful container and Kubernetes security and monitoring platform, Sysdig has given its customers access to the best vulnerability intelligence on the market.”
“As organizations move to the cloud, they often rely too heavily on default vulnerability data, which isn’t enough for most organizations,” said Omer Azaria, vice president of engineering at Sysdig. “Partnering with VulnDB adds a valuable intelligence feed, enabling us to give Sysdig customers the most comprehensive aggregation of vulnerabilities and visibility to their risks. Addressing issues during the build process is fundamental to accelerating application delivery while managing risk.”
Current Sysdig customers have access to the VulnDB data and will find the new views in their dashboards today. Learn more about Sysdig image scanning.
Connect with Sysdig
- Get started with Sysdig
- Get more news in the Sysdig newsroom
- Read the Sysdig blog
- Follow Sysdig on Twitter
- Watch Sysdig videos on YouTube
- Follow Sysdig on LinkedIn
Media contactAmanda McKinney Smith
Sysdig helps companies secure and accelerate innovation in the cloud. Powered by runtime insights, the cloud security platform stops threats in real time and reduces vulnerabilities by up to 95%. Rooted in runtime, the company created Falco, the open source solution for cloud threat detection. By knowing what is running in production, Dev and security teams can focus on the risks that matter most. From shift left to shield right, the most innovative companies around the world rely on Sysdig to prevent, detect, and respond at cloud speed.