35 points by containersecurity 5 months ago | 20 comments
scanny 5 months ago
Great job on building this tool! Automated container scanning is a crucial step in building secure applications and infrastructure. Excited to see how this helps the HN community.
bobthebuilder 5 months ago
Agreed! As more and more teams adopt containerization, security is becoming more important. Do you have plans for integration with popular CI/CD tools?
scanny 5 months ago
@bobthebuilder Yes! Integration with popular CI/CD systems is coming soon. Stay tuned.
securedev 5 months ago
*thumbs up* I have implemented similar features in my company's CI/CD pipeline and the reduction in security vulnerabilities is significant.
runt 5 months ago
Do you support multiple container runtimes, or just Docker?
scanny 5 months ago
@runt We support both Docker and Kubernetes. Our goal is to integrate with other popular runtimes as well in the future.
mentalblocks 5 months ago
What kind of vulnerabilities can this tool detect?
scanny 5 months ago
@mentalblocks The tool identifies vulnerabilities like CVEs from the NVD, outdated OS packages, misconfigured network settings, and more. Using a database of known vulnerabilities, Log4j attacks like Log4Shell are quickly pinned down.
nightowl 5 months ago
Have you thought about offering this tool in the cloud as a SaaS?
scanny 5 months ago
@nightowl We've had a lot of requests for that and I can confirm we're working on the possibility of launching a SaaS version. Stay tuned!
gitcommits 5 months ago
How long does a scan take on average, and does it depend on container size?
scanny 5 months ago
@gitcommits Average scan time depends on the size and complexity of the container. A small container image (e.g. alpine-based) typically takes around 15 seconds, while a large container image (e.g. Ubuntu-based, with lots of tools installed) might take up to 2 minutes.
hacks 5 months ago
Any parallelism or multi-threading improvements for concurrently scanning multiple containers?
scanny 5 months ago
@hacks We do support multi-threading for faster scanning. You can use our API and scan multiple containers in parallel with great performance.
nerdydev 5 months ago
I'd like to suggest one feature: how about real-time monitoring for malicious activities? This way, you'd be able to catch zero-day exploits.
scanny 5 months ago
@nerdydev Yes, real-time monitoring is on our roadmap. It's a complex feature to implement while ensuring minimal false positives, but definitely a great suggestion.
snippet_sharing 5 months ago
How do you handle the case where the user has several layers in the container image? Do you analyze all of them?
scanny 5 months ago
@snippet_sharing Yes, we analyze all layers in a container image. Since vulnerabilities can be introduced in any base image, even official ones, it's vital to scan all of the layers.
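The two scanny replies above (what the tool detects: outdated OS packages and Log4j jars matched against a vulnerability database, and why every layer has to be analyzed) are easier to reason about with a small layer-aware scanner in hand. The following is an added example written for this thread, not code from scanny's tool or any other project. It builds three in-memory tar layers that stand in for OCI layer blobs, replays them with OCI whiteout semantics to get the final rootfs, inventories dpkg packages and `log4j-core-*.jar` files, and matches them against a constructed advisory list. Everything in the sample image and the `SAMPLE-*` advisories is made up for the demo; the one real pair is CVE-2021-44228 (Log4Shell) with its fix in log4j-core 2.15.0. The version comparison is a simplified dpkg-style key, as noted in the code.

```python
"""Layer-aware image scan: squash layers with whiteouts, inventory packages,
match against advisories. Added example; not the tool's own code."""
import io
import re
import tarfile
from typing import Dict, List, Set, Tuple

Files = Dict[str, bytes]  # path inside the rootfs -> file content
Pkg = Tuple[str, str]     # (package name, version)

# Constructed advisory feed. Only the log4j entry is a real CVE/fixed-version
# pair; the SAMPLE-* entries are invented for this demo.
ADVISORIES = [
    {"id": "SAMPLE-0001", "pkg": "curl", "fixed": "7.74.0-2"},
    {"id": "SAMPLE-0002", "pkg": "openssl", "fixed": "1.1.1l-1"},
    {"id": "CVE-2021-44228", "pkg": "log4j-core", "fixed": "2.15.0"},
]
JAR_RE = re.compile(r"(?:^|/)(log4j-core)-(\d[\w.]*)\.jar$")

def make_layer(files: Files) -> bytes:
    """Build an in-memory tar blob standing in for one OCI layer."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()

def read_layer(blob: bytes) -> Files:
    """Regular files of one layer exactly as stored (whiteout entries included)."""
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r") as tar:
        return {m.name: tar.extractfile(m).read() for m in tar.getmembers() if m.isfile()}

def squash(layers: List[bytes]) -> Files:
    """Replay layers oldest-first with OCI whiteout semantics: 'dir/.wh.name'
    deletes dir/name, 'dir/.wh..wh..opq' empties dir, later layers overwrite."""
    rootfs: Files = {}
    for blob in layers:
        files = read_layer(blob)
        for path in files:  # whiteouts first, so they never hit same-layer files
            parent, _, name = path.rpartition("/")
            prefix = parent + "/" if parent else ""
            if name == ".wh..wh..opq":
                for p in [p for p in rootfs if p.startswith(prefix)]:
                    del rootfs[p]
            elif name.startswith(".wh."):
                rootfs.pop(prefix + name[len(".wh."):], None)
        for path, data in files.items():
            if not path.rpartition("/")[2].startswith(".wh."):
                rootfs[path] = data
    return rootfs

def parse_dpkg_status(data: bytes) -> Dict[str, str]:
    """Minimal /var/lib/dpkg/status parser: Package and Version per stanza."""
    pkgs: Dict[str, str] = {}
    cur: Dict[str, str] = {}
    for line in data.decode().splitlines() + [""]:
        if not line.strip():
            if "Package" in cur and "Version" in cur:
                pkgs[cur["Package"]] = cur["Version"]
            cur = {}
        elif not line.startswith(" ") and ":" in line:
            key, _, val = line.partition(":")
            cur[key] = val.strip()
    return pkgs

def inventory(files: Files) -> Set[Pkg]:
    """OS packages from dpkg metadata plus log4j-core jars found by filename."""
    found: Set[Pkg] = set()
    for path, data in files.items():
        if path == "var/lib/dpkg/status":
            found |= set(parse_dpkg_status(data).items())
        m = JAR_RE.search(path)
        if m:
            found.add((m.group(1), m.group(2)))
    return found

def version_key(v: str):
    """Simplified dpkg-style key (epoch, upstream, revision): digit runs compare
    numerically, other runs lexically. dpkg's '~' and letter-ordering rules are omitted."""
    epoch, _, rest = v.partition(":") if ":" in v else ("0", "", v)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    def tokens(s: str):
        return [(1, int(t), "") if t.isdigit() else (0, 0, t) for t in re.findall(r"\d+|\D+", s)]
    return (int(epoch), tokens(upstream), tokens(revision))

def match(pkgs: Set[Pkg]) -> List[dict]:
    """Every advisory whose fixed version is newer than the installed one."""
    return [{"id": a["id"], "pkg": name, "version": ver}
            for name, ver in sorted(pkgs) for a in ADVISORIES
            if a["pkg"] == name and version_key(ver) < version_key(a["fixed"])]

def scan_layer(blob: bytes) -> List[dict]:
    """What one layer contributes on its own, even if a later layer hides it."""
    return match(inventory(read_layer(blob)))

def scan_image(layers: List[bytes]) -> List[dict]:
    """Findings for the final rootfs, each tagged with the layer that introduced it."""
    introduced: Dict[Pkg, int] = {}
    for i in range(len(layers)):
        for pkg in inventory(squash(layers[: i + 1])):
            introduced.setdefault(pkg, i)
    findings = match(inventory(squash(layers)))
    for f in findings:
        f["layer"] = introduced[(f["pkg"], f["version"])]
    return findings

# Constructed three-layer image: base OS, app layer adding a vulnerable log4j,
# final layer upgrading openssl and swapping the jar (old one removed via whiteout).
BASE_STATUS = b"Package: openssl\nVersion: 1.1.1k-1\n\nPackage: curl\nVersion: 7.74.0-1\n"
NEW_STATUS = BASE_STATUS.replace(b"1.1.1k-1", b"1.1.1n-1")
LAYERS = [
    make_layer({"var/lib/dpkg/status": BASE_STATUS}),
    make_layer({"opt/app/lib/log4j-core-2.14.1.jar": b"PK\x03\x04"}),
    make_layer({"var/lib/dpkg/status": NEW_STATUS,
                "opt/app/lib/.wh.log4j-core-2.14.1.jar": b"",
                "opt/app/lib/log4j-core-2.17.1.jar": b"PK\x03\x04"}),
]

if __name__ == "__main__":
    for i, blob in enumerate(LAYERS):
        print(f"layer {i}:", scan_layer(blob))
    print("final rootfs:", scan_image(LAYERS))
```

Running it shows why both views matter: `scan_layer` reports the vulnerable openssl in layer 0 and the Log4Shell-affected jar in layer 1, while `scan_image` reports only the curl package that survives into the final rootfs, tagged as introduced in layer 0. A file removed by a whiteout is gone from the running container but still sits in the earlier layer blob, so a tool that only inspects the squashed filesystem and one that only inspects individual layers will each miss part of the picture.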
jankycodes 5 months ago
Shipping this is pretty cool! Well done. Have you thought about setting up a public open-source repository for collaborating and enhancement?
scanny 5 months ago
@jankycodes We have thought about it, but as the container scanning space is already quite crowded with open-source solutions, we thought that it could be a more valuable contribution to build a solution that's better integrated with CI/CD systems.