Not rendering correctly? View this email as a web page here.
Container & DevSecOps Digest | June: Post DockerCon18; CoreOS App Metering Tool; Image Vulnerability Scanning Plugin for Jenkins, and the State of DevSecOps

The 5th DockerCon North America just closed its doors, where as usual there were many interesting announcements, with both Docker and its ecosystem partners showing their latest innovations. Here's a summary of those and other industry news, along with Aqua's own updates and some upcoming events. You're welcome to contact us contact@aquasec.com and follow us on Twitter @AquaSecTeam
News You Can Use
Docker Container Security While post-dockercon18 roundups are coming up, it seems that two major developments are expected in the enterprise edition, including federated application management across clouds, and extending kubernetes to windows server.
Docker Containers Security Malicious Docker Containers Earn Cryptomining Criminals $90k By pushing malicious images to a Docker Hub registry and pulling it from the victim’s system, hackers were able to mine 544.74 Monero, which is equal to $90,000,” ... Read on Threatpost ›
Image vulnerability scanning DockerCon: Building and managing containers Several companies announced new products and functionality at this week’s DockerCon18... Red Hat was talking about the initial public release of its Buildah command-line utility for creating or changing Linux container images. Read on IT Ops Times ›
Microservices Security Red Hat’s CoreOS Unit Releases App Metering Tool  The metering feature aims to give IT administrators a usage reporting tool for services used to run applications on Kubernetes, which is making steady headway in datacenters as application containers begin to scale. Read on Enterprise Tech ›
Secure DevOps Can DevOps Really Shift Everything 'To The Left'? Wouldn’t that simply pile all the tasks together willy-nilly, or perhaps force us to resort them into some other left-to-right order? The answer goes at the heart of what ‘continuous’ really means in the context of continuous integration and continuous delivery, the CI/CD mantras at the heart of DevOps. Read on Forbes ›
DevOps Security SANS Secure DevOps Survey With this survey, the SANS Institute intends to delve into the specific challenges and risks that organizations find as they start to converge into unified, secure DevOps. This new survey will examine the emergence of the integration of development, IT and security, as well as explore the implications for practitioners.
Help the community learn from your own experience, take the Survey › 
Webinar: Kubernetes – How to Prevent Attacks with Admission Controllers
Kubernetes Security
By applying proper admission controls in your Kubernetes cluster, it's possible to generate deployments that adhere to the least privilege model, limiting user and container activity based on their business usage needs. In this session, we will review the Kubernetes 1.10 admission controller capabilities and demo a dynamic admission control webhook that can be customized to limit privileged user access. You’ll learn how to make such standards easier to implement, as well as methods for providing production-grade security.

Webinar Sign-Up
Aqua News
Image Vulnerability Scanning The Aqua MicroScanner, Now with Free Image Vulnerability Scanning Plug-In for Jenkins We've made MicroScanner very easy to use, and the Jenkins plugin makes it even easier to use and automate. There's really no excuse for building images that include risky known vulnerabilities when it's so easy to avoid them at no cost. So make this an integral part of your build process. Get the Microscanner plugin for Jenkins and Learn More ›
Enterprise DevOps DevSecOps Gains Enterprise Traction DevSecOps is a great portmanteau word, but is it a concept in wide use? According to a survey of attendees at this year's RSA Conference, it's not yet universal, but many more organizations are now embracing at least some DevSecOps principles than was the case even a year ago... Read on Dark Reading ›
Multi-cloud container security

Multi-cloud strategy: 5 challenges you’ll face As multi-cloud strategies continue to mature, we asked a range of experts to weigh in on the problems multi-cloud IT shops commonly encounter – and must solve to maximize the potential benefits. These issues all can be solved: They should not be viewed as deal-breakers for your long-term multi-cloud strategy, but rather as opportunities for learning and proactive solutions. Read on The Enterprisers Project ›
Amazon EKS container security

Securing Kubernetes Deployments on Amazon EKS with Aqua ...The integration of Aqua with EKS provides a seamless way to enforce compliance and security policies on applications running on EKS clusters: Preventing unapproved images from being deployed, enforcing runtime policy controls on containers and pods, ensuring that the cluster nodes are properly configured against the CIS Kubernetes benchmark, and more.. Continue Reading ›
Database security Liz Rice and Sugu Sougoumarane talk security and databases ...about Vitess, the open source database clustering system which is now a CNCF project. At the same time we talked about the challenge of container security, a subject that was popular among many conference attendees..Read on Enterprise Times ›
Container Security

How Aqua Security Is Helping to Secure Docker Containers In a video interview with eWEEK at DockerCon 18, Aqua's CEO provides insight into why container security is increasingly important and what's next for the company. Watch on eWeek ›
Improve Security with Automated Image Scanning Through CI/CD
DevSecOps tools
Liz Rice the container technology evangelist talks to Alex Williams from The New Stack about securing applications deployed on Kubernetes through automation of the CI/CD pipeline. Using cloud-native security tools that hook right into Jenkins or your favorite CI/CD tool, enterprise security teams can set policies for developers who are building container images. The pipeline enforces those policies through automated vulnerability scanning of each image during the build process. Watch it Now ›  
 
 
Ready to Secure your Cloud-Native Apps?
Aqua provides a container security platform that enables enterprises to secure their cloud-native and container-based applications from development to production.
Schedule a demo
Container Security