SEE ALSO: IoT security – “The safest software is the one not being on the system” However, as developers use containers to support their applications, we have to be aware of the new security model that these deployments will need.
This can mean that for applications with large volumes of traffic that container images will carry on for longer periods of time, during which time issues may get discovered.
Every time an image was pulled from a container registry, an existing vulnerability would be introduced into the application.
Application security company Snyk found that many of the most popular publicly available container images contained flaws and vulnerabilities, while at the same time many developers were not actively scanning those incoming containers for problems.
A layered approach also enables the developer to identify the application, its characteristics inside the container and then answer important questions regarding visibility, such as what system changes is it making?