Community

Secure your Docker containers on Power with Vulnerability Advisor

Share this post:

As of May 23rd IBM Bluemix Container Service now provides a native Kubernetes operations experience while removing the burden of maintaining master nodes. Kubernetes itself is based on the Docker engine for managing software images and instantiating containers. Get the details.

We announced the release of the Vulnerability Advisor (VA) service for IBM Containers at DockerCon 2015. Since then, VA has continuously scanned thousands of customer images daily and offered actionable assessments of their vulnerabilities. Customers can now enforce security policies that prevent the deployment of containers with discovered software vulnerabilities or insecure configurations.

That initial version of VA only supported container images built for the x86 platform. As deployment of Docker containers on Power systems has been gaining traction, Power users have begun to demand the same vulnerability assessment capabilities previously only available to x86 customers.

We’ve extended VA with new capabilities that offer automated vulnerability assessment for Power-based Docker images. These are now available publicly on the IBM Bluemix platform. Users of Power-based Docker containers can now push their images to their private Bluemix registry to receive reports, which highlight software vulnerability findings and configurations that don’t conform with best practices.

Test the Vulnerability Advisor with Power-based images

You can test drive the vulnerability assessment capabilities of VA by uploading your own Power-based Docker images or images offered in the Docker Hub PowerPC repository:

Docker Hub ppc64le repository.

In this post, I’ll show you how to obtain a Ubuntu-based Power image from the PowerPC Docker Hub repository and push it to your own private Bluemix registry using the instructions described in “Copying images to your private Bluemix registry from the command line.” Then, I’ll demonstrate how to access your vulnerability report through Bluemix’s web catalog.

Note: To follow these instructions, you must have a Bluemix account (no charge!) and have the IBM Containers plugin installed in your environment, as described in this guide. The steps that follow assume that you’re working from an x86-based client.

  1. Transfer a Power-based Ubuntu image from Docker Hub to your private Bluemix registry:cf ic cpi ppc64le/ubuntu registry.ng.bluemix.net/<YOUR_NAMESPACE>/ubuntu-ppc64le:latest
  2. Verify that the image exists in your private Bluemix registry:cf ic images
  3. Logon to Bluemix and go to the Catalog tab. Filter the results to show Compute type and choose IBM Containers. Your new Ubuntu Power image should be listed:
    Bluemix Catalog.

Once you select the ubuntu-ppc64le image, the Create a Container screen will show the vulnerability report for the image:

Bluemix container creation.

Select View Report to view a detailed report of the vulnerability assessment of the image:

Vulnerability Advisor audit report for Ubuntu Power.

Get started with Docker and Vulnerability Advisor at no cost

If you already deploy your workloads on Power and are eager to try Docker containers, you can install Docker Engine on your Power workstations where you’ll build your container images. Once you’ve built your images, you can transfer them to Bluemix using the steps described above to receive an assessment of vulnerability issues with your images.

Log on to Bluemix today and try out the Vulnerability Advisor capabilities on your Power-based container images!

More Compute Services stories

What the stats say about container development

59% improved application quality and reduced defects. 57% reduced application downtime and costs. All adopted container development.   In 2017, IBM conducted an in-depth research study on the state of container adoption across all industries, startups to enterprises. The study reveals the most important solutions driving usage and highlights the key challenges that must be addressed by cloud providers. […]

Continue reading

New fast and flexible Veeam backup solutions to IBM Cloud

We’re excited to announce new Veeam additions to our IBM Cloud Catalog, to help keep your data protected with 24/7/365 availability. We’ve added two new Veeam Agents - one for Microsoft Windows and one for Linux management - and the latest Veeam Availability Suite 9.5 Update 3.

Continue reading

Watson Data Kit New Beta Planned, Current Beta is Ending

Announced at IBM Think in March, Watson Data Kits will provide licensed, machine-readable data to train Watson in the nuances of specific industries and use cases. The  kits are being designed to  reduce AI training time from months to as little as minutes, accelerating AI development to support faster, more-informed decision making for business leaders. Learn more here.

Continue reading