SIGHUP is happy to introduce its latest service that further enhances the reliability and production-readiness of containerised workloads: Secure Containers.

SIGHUP Secure Containers is an enterprise-grade catalog of OCI-compliant container images that is proactively maintained, hardened, and secured.

Why is this so relevant?

Base images for your applications are the core of your containerization strategy. Keeping tight control over your base images and having a trustworthy source for your containerised services is a fundamental part of your overall container security processes and best practices.

Docker Hub is the world's most extensive library and community for container images, including more than four thousand images from software vendors, open-source projects, and the community, and is the common source for container images.

Anyone may build a Docker image from a Dockerfile and redistribute it by using a container image registry, and this peculiarity enables an innovative environment where anyone can contribute and participate.

However, on the downside, there are several vulnerabilities and concerns about Docker Hub security (if you want to dig deeper, you can read the research "Vulnerability Analysis of 2500 Docker Hub Images").
In fact, it is hard to ensure that packages and applications inside a container are up to date and don't contain outdated and vulnerable software.
That happens because many images are not updated or rebuilt for weeks, months, or even years and may contain vulnerabilities that can endanger the security of your applications.

We have highlighted some key factors you should consider if you are building images on an existing third-party base image:

  • Are you using a trusted source for your images?
    Checking the origin of the images is critical since the provenance of base images is crucial for security.
  • How often are the images updated?
    Avoid images that are updated only infrequently, especially if their maintainers do not respond to relevant vulnerability disclosures.
  • Do the container base images have SLA-driven support?
    Can you rely on a support service?
  • How is the container image hardening process done?
    Can you trust the way the entire process is done?

This is where the SIGHUP Secure Containers come into play and could be a game-changer for your security.

What is SIGHUP Secure Container Catalog?

SIGHUP Secure Containers is the premier service for accessing enterprise-grade, hardened OCI Images.
We strive to provide continuously monitored, well-maintained and hardened base images that your application teams can use with peace of mind.

Our catalog is designed primarily to meet the security needs of organizations that rely on containerization for their development and operations and favor the stability and convenience of Debian in their everyday operations.

Our service offers an ever-growing set of feature-rich, security-hardened images that will help you improve the security of your containerized applications.
Each and every image of our catalog gets continuously scanned for vulnerabilities and security risks and patched proactively whenever possible.

But there’s more: we don't simply focus on maintaining updated and patched images; we also provide you with a comprehensive set of resources to aid your development process, including a library of examples and automated tests.

Additionally, selected images come in alternative configurations, such as rootless variants or variants with bundled Prometheus exporters, to enhance the security and monitoring capabilities of your applications from the get-go.

Our Registry is constantly updated, providing you with detailed information on the current vulnerabilities and the mitigation measures we've taken to reduce them.

Additionally, you will receive a weekly report on the status of the support, allowing you to plan upgrades and deprecations effectively and keep your environments secure.

Why should you use it?

Our main goal is to lift the burden of your everyday operations so that you can focus on what's really important: your core business.

Leave the maintenance of your base container images to our bots and engineers, and spend time and energy where it really matters. We've got you covered.

  • Delegate the burden of maintaining your base images.
    Keeping your Docker containers secure can be a daunting and time-consuming task.
    We do recognize it can be difficult to stay on top of everything, and that's why we are here to help: our team of experts can take the burden of maintaining base images off your shoulders while you concentrate on your core business.
    Thanks to our mix of automated solutions and human oversight, we can ensure your images are always up-to-date and secure.

  • Stay on top of important information on a weekly basis.
    We provide our customers with a weekly summary of the most important changes and updates. Our summaries include detailed descriptions of new releases and deprecations, as well as end-of-life and support reports, to help you plan your future updates in due time.

  • The convenience of Docker official images, the safety of a curated catalog.
    Docker official images are a great starting point for your projects as they provide a convenient, well-documented, and well-tested base for your applications.
    Unfortunately, they are also a great starting point for attackers, as they are often based on outdated operating system packages known to contain security vulnerabilities. SIGHUP Secure Containers give you the best of both worlds: a convenient starting point for your projects and a secure base for your applications.

  • Get a number of other benefits, such as preconfigured Prometheus exporters, rootless variants, and a library of examples.
    Our images are opinionated, but this is a good thing.
    We have preconfigured Prometheus exporters, rootless variants, and a library of examples to help you get off the ground quickly.

  • Rest assured, our support team is there to help you, always.
    We have a dedicated support team that is there to help you with any issues you might encounter and to provide assistance with any questions you might have.


