I believe it's important to start with a premise:
in this article I'll spoke about a product/service built and offered by my actual employer, SIGHUP.
Nobody from my company asked me to publish this blogpost here, this are my honest opinion about Secure Containers.
Secure Containers is a service with a fee, built by SIGHUP that brought container base image secure, hardened and updated.
Developer work with containers and images, compared to the past, offer several advantages like standardisation, automation, and a faster release time.
One of the underestimated aspects of working with containers, is that it's necessary to start from basic images that must be chosen with due caution in order not to run into one or more of the following issues:
- outdated images
- malicious code
It is clear that having constantly updated base images, which contain the least number of CVEs possible, is important because any problems, once my software has been deployed, are replicated in the container which we then find running in production environments.
Keeping the base images updated and secure is therefore a non-negligible activity, which becomes a task that must be adequately followed by someone in the company, removing them from other tasks.
Here Secure Containers service can help with the following advantages:
- Comprehensive Container catalog
- Proactively patched against all known CVEs and vulnerabilities
- prometheus friendly images
- Notifications, support status and planned obsolescence
- supports and clear SLAs
If you are interested in Secure Containers, please read the dedicated site to find more info and FAQ where you have also the possibility to enable a free trial of the service.
If you like to read more about the security of container base images, check this article where I'll explain this topic deeper.