Scan and fix in minutes
Companies run hundreds of applications. Identifying and rolling out updates for all of these applications can be complex and very time consuming.
Automation is key, and the degree to which you can react as a company to these risks is vital.
The first question is: can you easily identify which applications and services are impacted? There are many vulnerability scanners out there, and you should have at least one integrated in your CI/CD pipeline, not only at the application level but also at the container level, to check for best practices, standards and security risks.
The second question: once you have identified the impacted applications, how easy is it to roll out fixes? Does it take manual intervention and downtime? Or can you apply these fixes in an automated way without any impact?
Cloud Native Build Packs
At Galagio, we help companies get their applications to production in a fast but robust way. A key component of modern development is the use of containers, and for that we rely on Cloud Native Buildpacks. This project was initiated by Pivotal and Heroku and is at the heart of transforming your source code into a runnable application image that follows container standards for security as well as architecture.
fig. 1 : Transform application to container image
fig. 2 : Rebase run image
Tanzu Build Service
Tanzu Build Service offers the convenience of these workflows with more automation and the governance capabilities enterprises need. It is based on Cloud Native Buildpacks and follows a declarative model to execute builds automatically against user-defined.
Tanzu Build Service uses Cloud Native Buildpacks to rebase app images when specialized contractual base images are updated in a registry. When such a new base image is detected, Tanzu Build Service will automatically detect the applications that are based on this image and will deliver new application images to your registry reflecting these updates.
This means you can resolve common vulnerabilities and exposures (CVEs), like the recent Log4j CVE-2021-44228, without a rebuild, and without sacrificing control, by introducing operator-driven image promotion. Tanzu Build Service includes a powerful, team-based permissions model so platform operators can control the buildpack configurations that groups of developers are allowed to use.
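To make the rebase workflow above concrete, here is an added example (our own illustration, not code from Tanzu Build Service or the Cloud Native Buildpacks project) that models an app image as a run-image layer stack with application layers on top, finds the images built on an updated run image, and swaps in the new run-image layers without touching the app layers. Image names, layer digests and the `stack_id` label are constructed sample values; the refusal to rebase across different stacks mirrors the buildpacks rule that a rebase must stay on the same stack.

```python
from dataclasses import dataclass
from typing import List

@dataclass
class Image:
    name: str
    layers: List[str]      # ordered layer digests, base first (constructed values)
    stack_id: str          # stack label the image was built for
    run_image: str = ""    # run image an app image was built on (empty for run images)

# Constructed sample registry: an old and a new run image, plus three app images.
OLD_RUN = Image("run:1.0", ["sha256:os-old", "sha256:jre-old"], "stacks.example/base")
NEW_RUN = Image("run:1.1", ["sha256:os-new", "sha256:jre-new"], "stacks.example/base")
OTHER_STACK_RUN = Image("run:tiny", ["sha256:os-tiny"], "stacks.example/tiny")
APPS = [
    Image("orders", OLD_RUN.layers + ["sha256:orders-deps", "sha256:orders-app"],
          OLD_RUN.stack_id, run_image="run:1.0"),
    Image("billing", OLD_RUN.layers + ["sha256:billing-app"],
          OLD_RUN.stack_id, run_image="run:1.0"),
    Image("legacy", ["sha256:other-os", "sha256:legacy-app"],
          "stacks.example/legacy", run_image="run:0.9"),
]

def affected_images(apps: List[Image], updated_run: Image) -> List[Image]:
    """Detection step: app images whose recorded run image is the one that changed."""
    return [a for a in apps if a.run_image == updated_run.name]

def rebase(app: Image, old_run: Image, new_run: Image) -> Image:
    """Replace the run-image layers under the app layers; app layers are reused as-is.
    Refuses when the app was not built on old_run or the new run image is a different stack."""
    if new_run.stack_id != old_run.stack_id or app.stack_id != new_run.stack_id:
        raise ValueError(f"{app.name}: cannot rebase across stacks "
                         f"({app.stack_id} -> {new_run.stack_id})")
    n = len(old_run.layers)
    if app.layers[:n] != old_run.layers:
        raise ValueError(f"{app.name} is not built on {old_run.name}")
    # Only the bottom layers change; the application layers keep their digests.
    return Image(app.name, new_run.layers + app.layers[n:], new_run.stack_id,
                 run_image=new_run.name)

def roll_out(apps: List[Image], old_run: Image, new_run: Image) -> List[Image]:
    """Rebase every affected image; this is what an automated service would push back."""
    return [rebase(a, old_run, new_run) for a in affected_images(apps, old_run)]
```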
How can we help?
Companies should use this recent Log4j risk as an opportunity to revise the way applications are built and managed. Tools like Cloud Native Buildpacks and Tanzu Build Service are key to fixing CVEs quickly and reliably.
Let’s discuss the pains this recent CVE introduced in your company and demo how to ease that pain in the future. Let us help you get your applications to production in a fast but robust way.