A database and analytics solution provider was facing difficulties with over 300 custom-built Docker images deployed in its infrastructure between staging QA and production. There was no provision for scanning the built images for vulnerabilities, and no contingency plan was in place.
Opcito solved this problem using CoreOS's Clair, a container security monitoring tool with an API-driven analysis engine, to make the build process completely vulnerability-proof.
Customer and the business challenge
Customer
Database and analytics solution provider
The business challenge
• Over 300 custom-built Docker images deployed in the infrastructure between staging QA and production
• No provision for scanning the built images for vulnerabilities
• Vulnerable dependencies
• No contingency plan in place.
Opcito’s solution
Clair
• A tool for monitoring container security with an API-driven analysis engine
• For vulnerability scanning of all the images
• Integrated with the CI/CD pipeline
• Addition of scanning and reporting mechanism to the build process
Job scheduling and flagging solution
• Scan the internal private Docker registry for vulnerabilities in the images
• Flag any vulnerability found in a custom report
Tools, technologies, and frameworks used
Docker, Clair, Jenkins, Shell scripts, Ansible, Cron
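The flagging step described above, as an added example that is not Opcito's or Clair's own code: it takes a layer report in the shape returned by Clair's v1 API (GET /v1/layers/<name>?features&vulnerabilities), flattens it into report rows, and decides whether the build should be failed at a chosen severity threshold. The fetch from Clair is assumed to have already happened; the sample report and its CVE identifiers are constructed placeholders.

```python
import json

# Clair v1 severity ladder, least to most severe; unknown strings rank lowest.
SEVERITY_RANK = {name: i for i, name in enumerate(
    ["Unknown", "Negligible", "Low", "Medium", "High", "Critical", "Defcon1"])}

def flatten_findings(report: dict) -> list[dict]:
    """One row per (feature, vulnerability) pair in a Clair v1 layer report."""
    rows = []
    for feature in report.get("Layer", {}).get("Features", []):
        for vuln in feature.get("Vulnerabilities", []):
            rows.append({
                "package": f'{feature["Name"]} {feature["Version"]}',
                "id": vuln["Name"],
                "severity": vuln.get("Severity", "Unknown"),
                # FixedBy is absent when no fixed package version is published yet.
                "fixed_by": vuln.get("FixedBy", "no fix available"),
            })
    return rows

def build_should_fail(rows: list[dict], threshold: str = "High") -> bool:
    """Gate the pipeline: fail if any finding is at or above the threshold."""
    limit = SEVERITY_RANK[threshold]
    return any(SEVERITY_RANK.get(r["severity"], 0) >= limit for r in rows)

def format_report(image: str, rows: list[dict]) -> str:
    """Plain-text report for Jenkins console output or a cron mail."""
    lines = [f"Clair findings for {image}: {len(rows)}"]
    for r in sorted(rows, key=lambda r: -SEVERITY_RANK.get(r["severity"], 0)):
        lines.append(f'  [{r["severity"]:<10}] {r["id"]} in {r["package"]} (fix: {r["fixed_by"]})')
    return "\n".join(lines)

# Constructed sample in Clair v1 layer-report shape; IDs are placeholders.
SAMPLE_REPORT = json.loads("""
{"Layer": {"Name": "sha256:0000constructed", "Features": [
  {"Name": "openssl", "Version": "1.0.1t-1", "Vulnerabilities": [
    {"Name": "CVE-EXAMPLE-0001", "Severity": "High", "FixedBy": "1.0.2"}]},
  {"Name": "bash", "Version": "4.3-14", "Vulnerabilities": [
    {"Name": "CVE-EXAMPLE-0002", "Severity": "Low"}]},
  {"Name": "zlib", "Version": "1.2.8", "Vulnerabilities": []}]}}
""")

if __name__ == "__main__":
    findings = flatten_findings(SAMPLE_REPORT)
    print(format_report("registry.example/app:1.0", findings))
    raise SystemExit(1 if build_should_fail(findings) else 0)
```

A non-zero exit from the script is what lets a Jenkins stage or cron job mark the image as failed rather than letting it proceed toward production.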
Block diagram and benefits
• Over 75 vulnerabilities were identified in the images running in their infrastructure and were remediated
• A defined process to scan for vulnerabilities as soon as the build process is completed
• Reduced time to find and fix vulnerabilities
• No vulnerability can leave the build process.