Deep Security Smart Check – Container Image Security

Protect your container images sooner with automated scanning for advanced security within your CI/CD pipeline

Key Features

Protect your container images sooner for optimal detection

Build better applications with security that’s easy to integrate into your DevOps tool chain.

  • Detects more malware, vulnerabilities, secrets, keys, and passwords, with complete visibility through your command shell, advanced dashboards, logs, and notifications
  • Checks image content against a compliance checklist that includes items from PCI-DSS, HIPAA, and NIST 800-190.
  • Scans images at build time and removes threats before the image is saved to your registry
  • Scans your approved images in your registry for any new threats or zero days
  • Snyk source code vulnerability database for early detection and mitigation of vulnerabilities in open source dependencies
Windows® Mac® AndroidTM iOS new Power Up

Reduce manual processes with automated container image scanning protection

  • Simplify your secure build process with our public automation center for code snippets, documentation, support, and more
  • Access a complete set of security APIs for dev tools, such as Jenkins®, Kubernetes®, and container platform
  • Direct feedback from email and community platforms, like Slack® and ServiceNow®, helps mitigate issues and expedite resolutions
Windows® Mac® AndroidTM iOS new Power Up

Smart protection in the CI/CD pipeline

Reduce disruption of development schedules and workflows with unmatched threat intelligence that maximizes threat detection in your CI/CD pipeline.

  • Advanced analytics, including machine learning, to detect real-time, zero-day threats
  • Integrated threat intelligence delivered from millions of sensors with the broadest attack surface protection
  • Insightful protection, identifying billions of unique threats annually to ensure protection from today's and tomorrow's threats through Trend Micro’s Smart Protection Network
Windows® Mac® AndroidTM iOS new Power Up

Compliance-ready protection

Secure your applications and meet compliance requirements without impacting productivity in the CI/CD pipeline.

  • Vulnerability assessment and malware detection  
  • Simplified audit reporting with log history to help address compliance and governance requests
  • Ensure threats are discovered sooner than later with continuous scanning at the image build stage and in the image registry
Windows® Mac® AndroidTM iOS new Power Up

Kubernetes 1.8.7 or higher

Helm/Tiller 2.8.1 or higher

Docker 17.06 or higher

Detect threats prior to runtime

Uncover vulnerabilities, malware, and sensitive data, such as API keys and passwords, within your container images

  • Minimize false positives by correlating patch layers with packages that are vulnerable in the same image
  • Address vulnerabilities before they can be exploited at runtime
  • Invoke scans at any stage of the pipeline
  • Results include available fix details

Confidently deploy containers with image assertion

Detect security issues early, enforce policy, and be assured only compliant containers run in production.

  • Build a security policy based on the detection of secrets, keys, malware, and vulnerabilities
  • Allow only images that meet security policy to proceed through the pipeline
  • Take advantage of integration with signing services for risk-based admission control
  • Validate that an image complies with specified security policy before it’s permitted to run in the production environment

Flexibility to fit into your pipeline

Effective security for containers begins with simplified administration of protecting images.

  • Configure authorized users and groups accordingly for role-based access
  • Add and update registries to maximize desired scans
  • Create multiple concurrent scanning scenarios

Get started with Smart Check – Container Image Security

Build secure

Trend Micro™ Deep Security™ Smart Check – Container Image Security is part of our Hybrid Cloud solution. This powerful security delivers threat defense techniques for protecting physical, virtual, and cloud workloads, along with build pipeline scanning of container images and runtime protection of containers and the host.