aum
Posted November 25, 2020

New Canonical portfolio will be exempt from Docker’s per-user rate limits

Buoyed by the recent Snyk security report that found security vulnerabilities in several container images except Ubuntu’s, the company behind it, Canonical, has published a whole portfolio of hardened images.

Unsurprisingly, Canonical has partnered with Docker to streamline the delivery of the secure portfolio of images through Docker Hub.

“Canonical and Docker will partner together to ensure that hardened free and commercial Ubuntu images will be available to all developer software supply chains for multi-cloud app development,” Docker's Matt Carter wrote in a blog post announcing the collaboration.

Long term security

The 2020 Snyk State of Open Source Security report discovered security vulnerabilities in several popular container images, while giving a clean chit to Canonical’s Ubuntu image.

The company builds on this achievement and in a FAQ posted on its new repository, promises to fix any Common Vulnerabilities and Exposures (CVEs) within 24 hours of being reported.

Canonical’s LTS portfolio will include both free and commercial images and already lists about a dozen images for prominent open source software including Redis, Nginx, Grafana, Prometheus, and several others.

All of the hardened images in the repository will have a five-year free security maintenance period, same as the underlying Ubuntu LTS release they’re based on. Paying customers of Canonical’s Ubuntu Pro program will get an additional five years of support as part of the ten-year Extended Security Maintenance contract.

Canonical’s announcement is the second major security-related initiative by Docker in as many months. Just last month application security company Snyk announced that they’ve started providing security scanning capabilities for images pushed to Docker Hub.

Canonical hopes the two developments will help “drive a surge in Kubernetes adoption as companies embrace digital transformation while significantly reducing operating risk in the solution application life-cycle.”

Source
steven36
Posted November 25, 2020

Ubuntu Linux maker Canonical publishes curated container images to help secure software supply chains

A good deal of software development now relies on open source images, but it can be hard for businesses to know if they're introducing security flaws by using them.

Canonical -- the company behind Ubuntu Linux -- is addressing this by publishing the LTS (Long Term Support) Docker Image Portfolio, a curated set of secure container application images, on Docker Hub.

LTS Images are built on trusted infrastructure, in a secure environment, with guarantees of stable security updates. Canonical and Docker will collaborate on Docker Official Images and the LTS Docker Image Portfolio to bring the best of the two to the community and ecosystem. The entire LTS Docker Image Portfolio will also be exempted from per-user rate limits.

"Docker helps millions of developers simplify how they collaboratively build, share and run applications," says Scott Johnston, CEO of Docker. "Docker Hub is the most popular registry on the planet because of the depth and breadth of content. It equally serves any developer running in any environment. Developers want and need a curated, maintained and secure set of content that Docker is continuously investing in. Today, we are taking that investment further with Canonical's Ubuntu, one of the most popular verified images on Docker Hub, to create a more integrated, reliable and secure developer experience to accelerate app delivery for our community."

Several images from the LTS Docker Image Portfolio will be freely available as Docker Official Image versions during the five-year standard security maintenance period of the underlying Ubuntu LTS. The entire LTS Image Portfolio, including content exclusively available to Canonical customers, will be available through Docker Hub.

"Guarantees of software supply chain security and integrity are vital to the fast-moving world of cloud-native operations," says Mark Shuttleworth, CEO at Canonical. "As the platform provider for the vast majority of container runtimes, we are responsible for the underlying performance and security of multi-cloud container operations and are glad to extend that service to the application container layer."

You can find Canonical's LTS offerings on the Docker Hub.

Source
Archived
This topic is now archived and is closed to further replies.