Docker and Snyk partner to deliver container vulnerability scanning

Docker has partnered with Snyk to deliver native vulnerability scanning of container images in Docker. Together, Docker and Snyk will provide a streamlined workflow that makes the application development process more secure for millions of developers, allowing them to more quickly and confidently build secure applications as an automated part of their toolchain.

Traditionally, if and when a developer working with Docker discovered vulnerabilities, they had to add several separate steps to their workflow to scan container images, identify a fix and remediate effectively. Snyk’s developer-first approach to security empowers developers with visibility to automatically find vulnerabilities in open source libraries and container images.

With the addition of Snyk’s container image scanning and vulnerability database natively integrated into Docker, developers will have continuous security insight embedded into their inner-loop development process. This integrated approach gives developers an easy and efficient way to build and secure containers in an agile and productive application development workflow.

“The addition of scanning images in Docker through the new integration with Snyk means that developers are more easily able to find and fix vulnerabilities throughout the development process,” said Justin Graham, vice president of Products, Docker. “We are giving developers and development teams the peace of mind that container images stored in their Docker Hub repositories are scanned, and vulnerabilities identified and communicated to them, while eliminating extra steps in their application development workflow.”

"We are excited to partner with Docker to provide a streamlined workflow that brings automation and efficiency to building secure cloud-native applications for millions of developers," said Aner Mazur, chief product officer, Snyk. "This partnership is making security a top priority in the container application development process and setting a new standard for early and continuous application security driven by the development team."