Cloud One – Container Image Security

We are partnering with Snyk to help developers leverage open-source code securely.

Key Features

Protect your container images sooner for optimal detection

Build better applications with security that’s easy to integrate into your DevOps tool chain.

Detects more malware, vulnerabilities, secrets, keys, and passwords, with complete visibility through your command shell, advanced dashboards, logs, and notifications
Scans images at build time and removes threats before the image is saved to your registry
Scans your approved images in your registry for any new threats or zero days

Reduce manual processes with automated container image scanning protection

Simplify your secure build process with our public automation centre for code snippets, documentation, support, and more
Access a complete set of security APIs for dev tools, such as Jenkins, Kubernetes, and container platform
Direct feedback from email and community platforms, like Slack^® and ServiceNow^®, helps mitigate issues and expedite resolutions

Smart protection in the CI/CD pipeline

Reduce disruption of development schedules and workflows with unmatched threat intelligence that maximises threat detection in your CI/CD pipeline.

Advanced analytics, including machine learning, to detect real-time, zero-day threats
Integrated threat intelligence delivered from millions of sensors with over 3 trillion threat queries annually
Insightful protection, identifying almost 7 billion unique threats annually to ensure protection from today’s and tomorrow’s threats through Trend Micro’s Smart Protection Network

Compliance-ready protection

Secure your applications and meet compliance requirements without impacting productivity in the CI/CD pipeline.

Vulnerability assessment and malware detection
Simplified audit reporting with log history to help address compliance and governance requests
Ensure threats are discovered sooner than later with continuous scanning at the image build stage and in the image registry

Minimum System Requirements

Kubernetes 1.8.7 or higher

Helm/Tiller 2.8.1 or higher

Docker 17.06 or higher

Detect threats prior to runtime

Uncover vulnerabilities, malware, and sensitive data, such as API keys and passwords, within your container images

Minimise false positives by correlating patch layers with packages that are vulnerable in the same image
Address vulnerabilities before they can be exploited at runtime
Invoke scans at any stage of your pipeline
Results include available fix details

Confidently deploy containers with image assertion

Detect security issues early, enforce policy, and be assured only compliant containers run in production.

Build a security policy based on the detection of secrets, keys, malware, and vulnerabilities
Only allow images that meet security policy to proceed through the pipeline
Take advantage of integration with signing services for risk-based admission control
Validate that an image complies with a specified security policy before it’s permitted to run in the production environment

Flexibility to fit into your pipeline

Effective security for containers begins with simplified administration of protecting images.

Deploys as a Kubernetes^® helm chart for easy integration into your container and software-build pipeline environment
Configure authorised users and groups accordingly for role-based access
Add and update registries to maximise desired scans
Create multiple concurrent scanning scenarios

Other Cloud One services

Trend Micro Cloud One™ – Container Image Security is part of Trend Micro Cloud One™, a security services platform for cloud builders, which includes:

Workload Security Runtime protection for workloads (virtual, physical, cloud, and containers)

File Storage Security Security for cloud file and object storage services

Application Security Security for serverless functions, APIs, and applications

Network SecurityCloud network layer IPS security

Conformity Cloud security and compliance posture management

Get started with Container Image Security