Sysdig runtime insights combined with Docker Scout help developers prioritize risk and improve security posture

DOCKERCON – Sysdig and Docker today announced the integration of Sysdig runtime insights into Docker Scout to help developers prioritize risk and move faster. Docker and Sysdig will help customers reduce software supply chain noise, prioritize the insights that matter, and build leaner container images. Sysdig is the first runtime security integration into Docker Scout.

Today at DockerCon, Docker announced the General Availability of Docker Scout.

Attack surfaces are larger in the cloud and attackers move faster. A lack of aggregation and correlation of data sets hidden across multiple tools result in decisions being made without context and teams moving too slowly. Developers need context about what is running in their cloud environment to gain visibility and prioritize the threats that matter. Without it, they waste time attempting to triage a mountain of monitoring insights, or they ignore alerts that could lead to the next breach.

The Power of Runtime Insights

By leveraging real-time insights from production – such as in-use vulnerabilities, multidomain correlation, and in-use permissions – the Sysdig cloud-native application protection platform (CNAPP) connects the dots and identifies top risks across the software life cycle.

Docker Scout provides developers with actionable insights across the software supply chain via context-aware recommendations that result in improved application reliability and security. With this partnership, built on a shared open source heritage and commitment to cloud-native innovation, Sysdig and Docker add additional layers of runtime security that bring better visibility while empowering development and security teams to target real, imminent risk.

Benefits of Sysdig Runtime Insights Integration with Docker Scout

• Ship more secure images: Developers can compare images during the build phase with those running in production to easily identify risk, eliminate unnecessary packages, and build leaner container images with a smaller attack surface. Integration with the Docker Build and Push GitHub Action provide insight directly within GitHub to avoid committing risky images.
• Avoid shift-left security gaps: Shift-left security empowers teams to make better-informed decisions earlier in the development process. With Docker and Sysdig, it is possible to correlate image analysis with runtime context to generate actionable insights for securing the software supply chain.
• Accelerate cloud-native application delivery: Software validation processes are faster when informed by Sysdig runtime insights. By quickly identifying imminent risks that require immediate remediation, developers can focus on innovation and deliver cloud-native applications faster.
• Reduce monitoring noise: Joint customers can reduce monitoring noise by up to 95%, separating which vulnerabilities are in use and which are not. This helps security teams focus on what is most important and saves time for developers.

What People are Saying

“Organizations need to strengthen security across the entire software life cycle. With Docker Scout, Docker is giving developers the power to build more secure images from the start. Incorporating Sysdig runtime insights means that users can save time by focusing on the real risks exposed in production. Our partnership will help teams to both shift left and shield right to protect against breaches without slowing innovation,” said Bryan Smoltz, Vice President of Technology Alliances at Sysdig.

“Docker Scout proactively provides actionable insights across the secure software supply chain,” said Julien Faure, General Manager for Software Supply Chain at Docker. “With the Sysdig integration, we’re able to cut through the noise using runtime context. Knowing which packages are in use allows developers to prioritize what matters and deliver secure software faster.”

Resources

• Sysdig blog post: “How Sysdig Runtime Insights Helps Docker Scout with Vulnerability Detection and Response.”
• Learn more about Docker Scout.
• Learn more about runtime insights.
• Learn more about the Docker and Sysdig partnership.

About Sysdig

In the cloud, every second counts. Attacks move at warp speed, and security teams must protect the business without slowing it down. Sysdig stops cloud attacks in real time, instantly detecting changes in risk with runtime insights and open source Falco. Sysdig correlates signals across cloud workloads, identities, and services to uncover hidden attack paths and prioritize real risk. From prevention to defense, Sysdig helps enterprises focus on what matters: innovation. Sysdig. Secure Every Second.

About Docker

Docker helps millions of developers efficiently and collaboratively build, share, and run applications. The Docker collaborative application development platform provides developers with an unmatched experience for an integrated, reliable, and secure workflow that accelerates app delivery from code to the cloud. Through a combination of the world’s largest marketplace of trusted content and integrations with leading tools, Docker allows teams to rapidly create modern applications. For more information, visit www.docker.com.

View source version on businesswire.com: https://www.businesswire.com/news/home/20231004037133/en/

Today at #DockerCon, @Sysdig and @Docker announce partnership to accelerate and secure cloud-native application delivery. Learn more: https://sysdig.com/press-releases/sysdig-and-docker-announce-partnership