Dockerfile with custom rule with Fortify SCA

This shows Dockerfile scanning with custom rules as a Fortify Static Code Analyzer (SCA) feature new to the 20.2 SCA release.

A previous Unplugged video showed how to scan Docker configuration files (Dockerfiles) to help developers create more secure container images as part of the secure development lifecycle (SDL).

This complements scanning base images for known vulnerabilities, where we look inside a container to find components with known vulnerabilities. Here we look at the Dockerfile itself to understand whether the container has been set up securely. Beyond scanning with our built-in rules, we support custom rules for different use cases, for example verifying that base images are pulled only from a company-approved Docker registry or repository.
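As an added illustration of the policy such a custom rule would express (this is not Fortify's rule format or code), the script below parses the FROM instructions of a Dockerfile and flags base images pulled from a registry outside an approved allowlist; it also goes slightly beyond the text by flagging images that are not pinned to a tag or digest. The registry names, the Dockerfile and the helper names are constructed for the example.

```python
import re
from typing import List, Tuple

# Constructed allowlist of company-approved registries (hypothetical hostnames).
APPROVED_REGISTRIES = {"registry.example.internal", "registry.example.internal:5000"}

# FROM [--platform=...] <image> [AS <stage>]
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?\s*$", re.IGNORECASE
)


def registry_of(image_ref: str) -> str:
    """Registry part of an image reference; Docker Hub when no registry is given."""
    first = image_ref.split("/", 1)[0]
    if "/" in image_ref and ("." in first or ":" in first or first == "localhost"):
        return first
    return "docker.io"


def check_dockerfile(text: str, approved=APPROVED_REGISTRIES) -> List[Tuple[int, str, str]]:
    """Return (line_no, image_ref, reason) for each FROM that violates policy."""
    findings = []
    stages = set()  # aliases of earlier build stages (not external images)
    for n, raw in enumerate(text.splitlines(), 1):
        m = FROM_RE.match(raw)
        if not m:
            continue
        ref, alias = m.group(1), m.group(2)
        if alias:
            stages.add(alias.lower())
        if ref.lower() in stages or ref == "scratch":
            continue  # multi-stage reference or empty base image
        if ref.startswith("$"):
            findings.append((n, ref, "base image comes from a build ARG and cannot be verified statically"))
            continue
        reg = registry_of(ref)
        name = ref.rsplit("/", 1)[-1]
        if reg not in approved:
            findings.append((n, ref, f"registry {reg} is not approved"))
        elif "@sha256:" not in ref and (":" not in name or name.endswith(":latest")):
            findings.append((n, ref, "base image is not pinned to a tag or digest"))
    return findings


# Constructed sample Dockerfile: one approved pinned base, one Docker Hub base,
# one approved but unpinned base, one stage reference and one scratch image.
SAMPLE_DOCKERFILE = """FROM --platform=linux/amd64 registry.example.internal/base/python:3.12 AS builder
RUN pip install --no-cache-dir -r requirements.txt
FROM python:3.12-slim
COPY --from=builder /app /app
FROM registry.example.internal/base/alpine
FROM builder
FROM scratch
"""

if __name__ == "__main__":
    for line_no, ref, reason in check_dockerfile(SAMPLE_DOCKERFILE):
        print(f"line {line_no}: {ref}: {reason}")
```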

Fortify Static Code Analyzer (SCA)—Build Better Code and Secure Your Software
Fortify SCA is an automated static testing offering that builds security into the development process. Fortify SCA pinpoints the root cause of the vulnerability and prioritizes results, and provides best practices so developers can code more securely. It reviews code and helps developers identify and resolve issues with less effort and in less time.

- Connect with peers and share your knowledge
- Find solutions and answers to your technical questions
- Stay informed on new releases and product enhancements
- Access downloads, demos, videos and support tips