Container Security Scanning
Containerized applications are growing in popularity due to the modularity and portability that they provide. By deploying applications within containers, developers are able to host them on a wider range of machines without the need to worry about compatibility.
However, the rise of containerization also creates container security concerns such as potential issues with Docker container security. Containers may contain vulnerabilities that need to be found and fixed before they are exploited by an attacker. Container scanning is the process of inspecting these self-contained programming environments for vulnerabilities.
How Does Container Scanning Work?
Container scanning — like other forms of vulnerability scanning — involves using an automated tool to search the container for known vulnerabilities. Often, this involves the tool inspecting each layer of the container for vulnerabilities. This can include checking for instances of software with known Common Vulnerabilities and Exposures (CVEs) or testing for common vulnerabilities within a piece of software.
Common Container Vulnerabilities
Containerized applications can include a wide variety of different vulnerabilities. Some of the most common types include the following:
- Application Vulnerabilities: The applications running within a container may contain vulnerabilities. For example, a web application may include an SQL injection or buffer overflow vulnerability that leaves it vulnerable to attack.
- Insecure Configurations: In addition to potential vulnerabilities in their code, applications can also have security issues introduced by misconfigurations. For example, an optional setting in an application, if enabled, may allow an access control bypass or use of an insecure protocol.
- Network Threats: Containerized applications have the ability to communicate with other systems via the network. If these network communications are not configured securely, there is the potential for eavesdropping or exploitation of the containerized application.
- Access Control Issues: Like other applications and systems, containerized applications should have access controls in place to manage access to the application and any sensitive functionality or data. Overly permissive access controls could enable data breaches, malware infections, or other threats.
Detecting Vulnerabilities with Container Scanning
At a high level, a container security scanner works similarly to any other vulnerability scanner. It will inspect the system being tested — in this case a containerized application — for known vulnerabilities.
Often, this involves enumerating the software installed on the system and comparing it to CVE databases or the National Vulnerability Database (NVD) to determine if the container contains any software with known vulnerabilities. Additionally, the scanner may inspect the container and its applications for potential configuration flaws, such as overly permissive access control settings.
However, the nature of containers has an impact on how their security scanners work. Containers are designed to allow developers to build on the work of others. A container typically starts with a base image to which a developer adds additional layers to implement their desired runtime environment.
This layered architecture impacts how security scanning is performed for containers. A container scanner has the ability to inspect each layer individually, looking for known issues with each.
For example, a containerized application may use a third-party base image as its foundation. Even when that image is well maintained, it may still contain known vulnerabilities or malware. A container scanner can identify these issues and may be able to recommend an alternative, more secure image that would still meet a developer’s needs.
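The layer-by-layer matching described above, as an added example (not code from the article or from Check Point): a per-layer package inventory is overlaid in build order, compared against an advisory table, and every finding is attributed to the layer that put the vulnerable version on the filesystem. All package names, versions, layer digests and advisory identifiers are constructed placeholders, and the version comparison is a deliberate simplification of the ecosystem-specific comparators a real scanner uses.

```python
"""Layer-aware package-vs-advisory matching.

Added example, not Check Point code and not a real scanner: the package
inventories, layer digests and advisory identifiers below are all constructed.
"""
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Layer:
    digest: str        # placeholder digest, not a real image layer
    created_by: str    # the instruction that produced the layer (constructed)
    packages: dict     # package name -> version installed or changed here


@dataclass
class Advisory:
    vuln_id: str             # placeholder identifier, not a real CVE
    package: str
    introduced: str          # first affected version (inclusive)
    fixed_in: Optional[str]  # first fixed version (exclusive); None = no fix yet


@dataclass
class Finding:
    vuln_id: str
    package: str
    version: str
    layer_digest: str  # layer that put the vulnerable version on the filesystem
    created_by: str
    fixed_in: Optional[str]


def parse_version(version: str) -> tuple:
    """Numeric-only comparison: '1.2.13' -> (1, 2, 13).
    Simplification: real scanners use ecosystem-specific comparators
    (dpkg, rpm, semver) that also understand epochs and suffixes."""
    return tuple(int(x) for x in re.findall(r"\d+", version))


def is_affected(version: str, adv: Advisory) -> bool:
    """True when introduced <= version < fixed_in (or no fix exists yet)."""
    v = parse_version(version)
    if v < parse_version(adv.introduced):
        return False
    if adv.fixed_in is not None and v >= parse_version(adv.fixed_in):
        return False
    return True


def effective_inventory(layers: list) -> dict:
    """Overlay layers in build order so a package upgraded in a later layer
    replaces the version from the base image. Maps package -> (version, layer)
    so each finding can be attributed to the layer that introduced it."""
    inventory = {}
    for layer in layers:
        for name, version in layer.packages.items():
            inventory[name] = (version, layer)
    return inventory


def scan(layers: list, advisories: list) -> list:
    """Match the effective inventory against the advisory table."""
    inventory = effective_inventory(layers)
    findings = []
    for adv in advisories:
        if adv.package not in inventory:
            continue
        version, layer = inventory[adv.package]
        if is_affected(version, adv):
            findings.append(Finding(adv.vuln_id, adv.package, version,
                                    layer.digest, layer.created_by, adv.fixed_in))
    return findings


def findings_by_layer(layers: list, advisories: list) -> dict:
    """Group findings by originating layer; clean layers appear with an empty list."""
    grouped = {layer.digest: [] for layer in layers}
    for f in scan(layers, advisories):
        grouped[f.layer_digest].append(f.vuln_id)
    return grouped


# Constructed inventory: a base image plus one application layer that
# upgrades zlib and adds the application itself.
LAYERS = [
    Layer("sha256:base-placeholder", "FROM example/base:1.0 (constructed)",
          {"openssl": "3.0.7", "zlib": "1.2.11", "curl": "7.80.0"}),
    Layer("sha256:app-placeholder", "RUN apt-get install -y zlib=1.2.13 (constructed)",
          {"zlib": "1.2.13", "myapp": "2.4.0"}),
]

# Constructed advisory table (identifiers are placeholders, not real CVEs).
ADVISORIES = [
    Advisory("VULN-EXAMPLE-001", "openssl", "3.0.0", "3.0.8"),
    Advisory("VULN-EXAMPLE-002", "zlib", "1.2.0", "1.2.12"),
    Advisory("VULN-EXAMPLE-003", "curl", "7.0.0", None),
    Advisory("VULN-EXAMPLE-004", "myapp", "3.0.0", "3.1.0"),
]


if __name__ == "__main__":
    for digest, ids in findings_by_layer(LAYERS, ADVISORIES).items():
        print(f"{digest}: {ids or 'no findings'}")
```

Running it reports the openssl and curl advisories against the base layer only: the zlib advisory is not raised because the application layer upgraded zlib past the fixed version, which is exactly the case a scanner that looked at the base image in isolation would get wrong.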
What Types of Container Vulnerabilities Can Be Detected?
Container scanning can identify a wide range of potential issues with a container. Some common examples include the following:
- Image Vulnerabilities: A container image vulnerability is a flaw in the image the container is built from. For example, a container image may include an insecure library or dependency that is used by the base image.
- Malicious Images: Containers are often built based on third-party images. An image from an untrusted source may include malware or security misconfigurations designed to make containers built using it vulnerable to attack.
- Access Controls: Containers have built-in access controls to limit users’ access to the container itself. If these access controls are misconfigured or vulnerable, an attacker may be able to escalate their privileges and take over the container.
- Application Vulnerabilities: The applications installed within a container can include vulnerabilities that make them vulnerable to attack.
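Configuration checks of the kind the article groups under insecure configurations and access controls (an unpinned third-party base image, a download over plain HTTP, world-writable permissions, and a final stage that runs as root), as an added example that is not taken from the article or from CloudGuard. The rule set is illustrative, and both Dockerfiles below are constructed so that the insecure one trips every rule and the hardened one trips none.

```python
"""Configuration checks over a Dockerfile.

Added example, not Check Point code and not a real linter: the rule set is
illustrative and both Dockerfiles below are constructed.
"""
import re


def parse_dockerfile(text: str) -> list:
    """Return (INSTRUCTION, argument) pairs, joining backslash continuations
    and skipping blank lines and comments."""
    instructions, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        pending += line
        keyword, _, argument = pending.partition(" ")
        instructions.append((keyword.upper(), argument.strip()))
        pending = ""
    return instructions


def base_image_tag(image: str):
    """Tag of 'registry:5000/repo/name:tag'; None when the image is untagged."""
    name = image.rsplit("/", 1)[-1]
    return name.split(":", 1)[1] if ":" in name else None


def check_dockerfile(text: str) -> list:
    """Return (code, detail) findings for the configuration flaws checked here."""
    instructions = parse_dockerfile(text)
    findings = []
    for keyword, argument in instructions:
        if keyword == "FROM":
            image = argument.split()[0]          # drop any 'AS stage' suffix
            if image == "scratch" or "@sha256:" in image:
                continue                         # digest-pinned or empty base
            if base_image_tag(image) in (None, "latest"):
                findings.append(("UNPINNED_BASE_IMAGE", f"FROM {image}"))
        if keyword in ("RUN", "ADD") and re.search(r"\bhttp://", argument):
            findings.append(("INSECURE_PROTOCOL", f"{keyword} fetches over plain HTTP"))
        if keyword == "RUN" and re.search(r"chmod\s+(-R\s+)?[0-7]*777\b", argument):
            findings.append(("WORLD_WRITABLE", f"RUN {argument}"))
    # Only the final stage ships; it runs as root unless its last USER says otherwise.
    last_from = max((i for i, (k, _) in enumerate(instructions) if k == "FROM"), default=0)
    users = [arg for k, arg in instructions[last_from:] if k == "USER"]
    if not users or users[-1].split(":")[0] in ("root", "0"):
        findings.append(("RUNS_AS_ROOT", "no non-root USER in final stage"))
    return findings


INSECURE_DOCKERFILE = """\
# constructed example: unpinned base, plain-HTTP download, 777, root
FROM example/base-image:latest
RUN apt-get update && apt-get install -y curl \\
    && curl -o /tmp/tool.sh http://downloads.example.invalid/tool.sh
RUN chmod -R 777 /app
EXPOSE 8080
CMD ["/app/start"]
"""

HARDENED_DOCKERFILE = """\
# constructed example: the same build with each finding addressed
FROM example/base-image:1.4.2
RUN apt-get update && apt-get install -y curl \\
    && curl -o /tmp/tool.sh https://downloads.example.invalid/tool.sh
RUN chmod -R 750 /app
USER 10001:10001
EXPOSE 8080
CMD ["/app/start"]
"""


if __name__ == "__main__":
    for label, dockerfile in (("insecure", INSECURE_DOCKERFILE),
                              ("hardened", HARDENED_DOCKERFILE)):
        print(label, check_dockerfile(dockerfile) or "clean")
```

The root check only looks at the final build stage, since earlier stages of a multi-stage build never run in production; the tag check treats a `@sha256:` digest as pinned because a tag such as `1.4.2` can still be moved by the publisher.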
Container Security with Check Point
As containerization becomes more widely used, container security scanning is a vital component of a DevSecOps process. The unique structure of containers can introduce new threats and makes securing them different from securing non-containerized applications.
Check Point CloudGuard Workload Protection offers container security capabilities, including the ability to scan containers for potential vulnerabilities. To learn more about CloudGuard Workload Protection’s capabilities and find out how it can improve the security of your organization’s containerized applications, feel free to sign up for a free demo today.