The End-to-End Platform for Container Security
Continuous Image Assurance
Scan for known vulnerabilities, malware, and hard-coded secrets, based on a continuous feed correlated across multiple sources. Scan OS packages (RPM and Deb) and language packages: Java, NodeJS, Ruby, PHP, Python, C/C++. Integrates with CI/CD to automate security testing in the pipeline, and with Jira for developer feedback.
User Access Control
Role-based privilege definition per container/host/application/network/storage volume. Allow/disallow specific user actions, e.g. start/stop, log access, read/write access, volume access.
Securely inject secrets into containers with no downtime. Integrates with HashiCorp Vault, CyberArk Password Vault, AWS KMS and Azure Vaults.
Visualize container networking. Nano-segment container networking based on application.
Auditing & Compliance
CIS Benchmark tests for Kubernetes and Docker. Scan hosts for vulnerabilities and malware, and view granular event logging and activity reports.
The solution integrates with the following solutions:
CI/CD tools: Jenkins, GoCD, TeamCity, Bamboo, GitLab and Microsoft VSTS.
SIEM, Analytics and Alerts: Sumologic, Syslog, ArcSight, Loggly, Logentries, Microsoft OMS, ElasticSearch.
Identity Management solutions: Active Directory / LDAP, SAML Single Sign-On.
Linux and Windows Containers
Registries: DockerHub, Amazon ECR, Google GCR, CoreOS Quay, JFrog Artifactory, Azure ACR or any v1/v2 registries.
Orchestrators: Kubernetes, Mesos, Docker Swarm, Red Hat OpenShift, Amazon ECS, Rancher.
Cloud Deployment: AWS, Google Cloud, IBM Cloud, Microsoft Azure.