New capabilities added to Slim.AI’s innovative continuous software supply chain security solution to help software producers like BigID automatically secure the containers they provide to their customers or run in their production environments.
Slim.AI, the Boston-based software supply chain security company, unveiled new capabilities in its Continuous Software Supply Chain Security Solution to help software producers find and continuously remove vulnerabilities, harden container images and reduce container attack surface.
Leading data intelligence platform BigID, an RSA Innovation Sandbox award winner and the fastest growing security company on the 2021 Inc 5000, has begun leveraging Slim.AI’s solution to minimize vulnerabilities in the containers it provides to its customers.
Helping Software Producers Protect Their Customers
As part of the new features announcement, security provider BigID joins other design partners in Slim.AI’s mission to make hardening containers for production use easier for developers, and thus reduce the complexity of supply chain security and vulnerability remediation.
As a security company that puts customers first and delivers software solutions to their customers in containers, it’s critical for BigID to ensure its containers are vulnerability free, hardened for production, and transparent to end users with information available about their security, composition and contents.
“We were thrilled with the initial results Slim.AI has provided for our application containers,” said Gal Malachi, director of software engineering and DevSec leader. “The concept of cutting our vulnerability findings in half with a single click is transformational. We are already seeing our container’s attack surface reduced by more than 60 percent. This is particularly valuable when we implement Slim.AI’s continuous and automated approach to supply chain threat reduction. It ultimately makes our job of securing our software easier and validates for our customers that BigID takes security seriously, even in our development process.”
BigID is leveraging the latest tools from Slim.AI to both identify and mitigate vulnerabilities. The two new features, Automated Container Optimization and Multi-Scanner Vulnerability Reports, help BigID stay on top of the vulnerabilities uncovered by third-party vulnerability scanners and then automatically optimize their containers to make them as safe as possible by removing unused code, binaries and files before shipping them to production.
“BigID is at the forefront of innovation and best practices for securing the software they build,” said John Amaral, co-founder and CEO of Slim.AI. “Gal and the security team at BigID are application security thought-leaders and experts. They are the perfect partner for Slim as we evolve our pioneering supply chain security solution.”
Vulnerability Awareness and Remediation
Slim.AI is best known for its container optimization capabilities, stemming from the popularity of its long-standing open source project, DockerSlim. Slim.AI’s new “Continuous Supply Chain Security Solution” adds more security features, tooling and a better developer experience, with a focus on team and organization use cases.
“Removing unneeded libraries from containers is arduous work and takes a lot of manual effort for both developers and security teams,” said Gal Malachi of BigID. “With Slim’s automated solution, we can harden our containers by keeping only what we need for our application to run.”
With container optimization in place, teams and organizations producing containerized software often want to know how many vulnerabilities were removed and which remain. With their latest release, Slim.AI adds Multi-Scanner Vulnerability Reporting that allows users of the platform to scan containers, slim them to remove unnecessary components, then scan them again to document for downstream consumers the volume of threats that have been removed.
This system provides documentation of vulnerability r****** as well as helping developers focus on removing the far-smaller set of threats that remain before pushing code to production. The feature also allows sharing of this information with all downstream partners to assure full transparency.
“As a CTO or CISO in today’s environment, you need to be taking every step you can to ship safe, secure and vulnerability free containers, continuously,” said Amaral. “This applies equally to third-party, open-source and custom application containers. Removing unnecessary packages, software and files in an automated way, as part of CI/CD is the best, fastest and easiest way to do that.”