Know What’s In Your Containers With BlueLantern’s Container Composition Analysis (CCA)

Do you know what’s in your containers after they’ve been built?

Using open-source software in your container images means you inherit all the vulnerabilities that come with it. The first step in securing your containers is to know what’s in them. BlueLantern performs Container Composition Analysis (CCA), which extends traditional Software Composition Analysis (SCA) techniques to container applications to identify the open-source libraries (bill of materials) and the risks these pose for your application:

We start by decomposing the container images in your selected registries into their individual layers, packages, and files for the application all the way down to the operating system level.

If the image has content which is new or doesn’t match our inventory, we’ll send you a notification with the level of detail you select. You can then decide whether to interrupt the build process and investigate or continue.

If everything checks out, we use this bill of materials to build or update an inventory of artifacts, including the third-party code and their dependencies used in your application.

With a complete bill of materials, we check proprietary and public databases to form a comprehensive and highly accurate list of vulnerabilities and their potential impacts.

Make Container Security Decisions Easy

Security professionals account for only a small part of an organization’s technology team, if they are a part of one at all. With this model in mind, BlueLantern is focused on making results of any security analysis easy to understand. Knowing which issues are most important and how simple or complicated the fix should be is paramount. With concise and actionable information as our goal, we’re developing an easy-to-read results dashboard so teams can see at a glance the priority, severity, and downstream impacts of each issue. Additionally, BlueLantern provides recommendations for how to resolve issues to help reduce your mean time to remediate.

Get Notified About The Vulnerabilities That Matter

Don’t wait for your next scan to tell you the open-source software you’re using has a newly published vulnerability. On a nightly basis, BlueLantern combines checks from our threat intelligence database, several other proprietary databases, and the National Vulnerability Database (NVD) to notify you as soon as a new vulnerability is published. Through our comprehensive inventory and image bill of materials, we can notify you about only the vulnerabilities that matter to you. We also provide ways to act on, snooze, or dismiss notifications so you can tailor the response and the information to your interests.

Grow Your App, Not The Time To Scan

Your app should keep growing, not the time required to scan it. As the size of an application increases, so does the amount of time needed to scan it. To mitigate this issue, BlueLantern scans only the parts of your app that are new or have changed. Additionally, we analyze software content types to execute smaller, parallel scans for each group. We then archive results with the bill of materials created during each scan to send you notifications when new vulnerabilities are published that affect you. This approach helps reduce the time needed to scan and gets you the results you need with less downtime.
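The following is an added illustration of the workflow described on this page, not BlueLantern's own code: it decomposes a container image into layers, inventories the packages in each layer, merges them into a bill of materials, matches that BOM against an advisory feed, caches per-layer results by digest so a rebuild that touches only the application layer does not re-scan the base layer, and re-matches the archived BOM when new advisories arrive without touching the image again. It models a layer as a dictionary of file paths to bytes, reads only the dpkg status database, and matches exact affected versions; the package names, versions and advisory identifiers are constructed placeholders, not real packages or real vulnerabilities.

```python
"""Toy container composition analysis: per-layer inventory, BOM, vuln matching."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field

Layer = dict[str, bytes]  # a layer modelled as {path: file content}


def dpkg_status(packages: dict[str, str]) -> bytes:
    """Render a dpkg status database for constructed sample packages."""
    return "".join(f"Package: {p}\nVersion: {v}\nStatus: install ok installed\n\n"
                   for p, v in packages.items()).encode()


# Constructed sample image: package names/versions and advisory ids are
# illustrative placeholders, not real packages or real vulnerabilities.
BASE_PKGS = {"libssl1.1": "1.1.1k-1", "zlib1g": "1:1.2.11-1"}
BASE_LAYER: Layer = {"var/lib/dpkg/status": dpkg_status(BASE_PKGS)}
APP_LAYER_V1: Layer = {"app/server.py": b"print('v1')\n",
                       "var/lib/dpkg/status": dpkg_status({**BASE_PKGS, "curl": "7.74.0-1"})}
APP_LAYER_V2: Layer = {"app/server.py": b"print('v2')\n",
                       "var/lib/dpkg/status": dpkg_status(
                           {**BASE_PKGS, "curl": "7.74.0-2", "ca-certificates": "20210119"})}
ADVISORIES_DAY1 = [
    {"id": "ADV-EXAMPLE-0001", "package": "libssl1.1", "affected_versions": {"1.1.1k-1"}},
    {"id": "ADV-EXAMPLE-0002", "package": "curl", "affected_versions": {"7.74.0-1"}},
]
ADVISORIES_DAY2 = ADVISORIES_DAY1 + [
    {"id": "ADV-EXAMPLE-0003", "package": "zlib1g", "affected_versions": {"1:1.2.11-1"}},
]


def layer_digest(layer: Layer) -> str:
    """Content-address a layer. A real scanner uses the manifest's layer digest;
    hashing the modelled contents stands in for that here."""
    h = hashlib.sha256()
    for path in sorted(layer):
        h.update(path.encode() + b"\0" + layer[path] + b"\0")
    return "sha256:" + h.hexdigest()


def parse_dpkg_status(data: bytes) -> dict[str, str]:
    """Extract {package: version} for installed packages from a dpkg status file."""
    packages: dict[str, str] = {}
    for stanza in data.decode().split("\n\n"):
        fields: dict[str, str] = {}
        for line in stanza.splitlines():
            if ":" in line and not line.startswith(" "):  # skip continuation lines
                key, _, value = line.partition(":")
                fields[key.strip()] = value.strip()
        if "Package" in fields and fields.get("Status", "").endswith(" installed"):
            packages[fields["Package"]] = fields["Version"]
    return packages


@dataclass
class Scanner:
    """Inventories each layer once, keyed by digest, so an unchanged base layer
    is never re-scanned when only the application layer changes."""
    layer_cache: dict[str, dict[str, str]] = field(default_factory=dict)
    layers_scanned: int = 0  # cache misses, i.e. real scanning work done

    def inventory_layer(self, layer: Layer) -> dict[str, str]:
        digest = layer_digest(layer)
        if digest not in self.layer_cache:
            self.layers_scanned += 1
            status = layer.get("var/lib/dpkg/status")
            self.layer_cache[digest] = parse_dpkg_status(status) if status else {}
        return self.layer_cache[digest]

    def build_bom(self, image: list[Layer]) -> dict[str, str]:
        """Merge layer inventories in order. Package managers rewrite the whole
        status file, so the last layer carrying it defines the final package set."""
        bom: dict[str, str] = {}
        for layer in image:
            inventory = self.inventory_layer(layer)
            if inventory:
                bom = dict(inventory)
        return bom


def match_vulnerabilities(bom: dict[str, str], advisories: list[dict]) -> list[tuple]:
    """Match the BOM against an advisory feed by exact affected version. A real
    matcher compares version ranges using the packaging system's ordering rules."""
    return sorted((a["id"], a["package"], bom[a["package"]]) for a in advisories
                  if bom.get(a["package"]) in a["affected_versions"])


def diff_bom(previous: dict[str, str], current: dict[str, str]) -> dict:
    """Drift between the archived inventory and a freshly built image; this is
    what drives the 'new or unexpected content' notification."""
    return {"added": sorted(set(current) - set(previous)),
            "removed": sorted(set(previous) - set(current)),
            "changed": {p: (previous[p], current[p]) for p in previous
                        if p in current and previous[p] != current[p]}}


def new_findings(bom: dict[str, str], old_feed: list[dict], new_feed: list[dict]) -> list[tuple]:
    """Findings introduced by advisories published since the last run, computed
    from the archived BOM alone, without pulling or re-scanning the image."""
    seen = set(match_vulnerabilities(bom, old_feed))
    return [f for f in match_vulnerabilities(bom, new_feed) if f not in seen]


def run_demo() -> dict:
    scanner = Scanner()
    bom_v1 = scanner.build_bom([BASE_LAYER, APP_LAYER_V1])
    first_scan = scanner.layers_scanned                      # both layers inventoried
    findings_v1 = match_vulnerabilities(bom_v1, ADVISORIES_DAY1)

    bom_v2 = scanner.build_bom([BASE_LAYER, APP_LAYER_V2])   # rebuilt image
    rebuild_scan = scanner.layers_scanned - first_scan       # only the new app layer
    drift = diff_bom(bom_v1, bom_v2)

    alerts = new_findings(bom_v2, ADVISORIES_DAY1, ADVISORIES_DAY2)  # nightly feed update
    return {"first_scan": first_scan, "rebuild_scan": rebuild_scan,
            "findings_v1": findings_v1, "drift": drift, "new_alerts": alerts}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Running the script shows the two properties the page promises: the rebuild costs one layer scan instead of two because the base layer's digest is already in the cache, and the new zlib1g advisory surfaces as an alert from the archived BOM alone. Keying the cache on the layer digest rather than on the image tag matters, since a tag can be re-pushed over different content while a digest cannot.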

We’re building BlueLantern now and need people like you to try our beta and let us know how we’re doing. Click the button below, give us some information and the BlueLantern team will reach out as soon as possible.

Not convinced yet?