Developers: | Yandex.Cloud |
Last Release Date: | 2023/04/24 |
Technology: | SaaS - Software as a service, TMS - Test Management System, Information Security Management (SIEM) |
The main articles are:
2023: Sharing
April 24, 2023 Yandex Cloud opened shared access vulnerabilities to the Vulnerability Scanner. With the help of the technology, platform users will be able to evaluate and improve the level of security when developing their - IT projects in. cloud The scanner is part of the Yandex Container Registry container image management service and is configured using a web interface. This will allow information security specialists not DevOps to spend on time setting up and supporting the product, Yandex Cloud is responsible for this.
The technology checks for vulnerabilities for images that contain the components and dependencies necessary for applications to function correctly. Then the content of the selected image is compared with the well-known vulnerability databases. As a result, the user receives a detailed report with identified security problems and possible fixes. In addition, users can manage Vulnerability Scanner settings. For example, enable automatic scanning for all new images. You can also select the type of scan - use the function for an entire registry or individual repositories. In the future, it will be possible to enable Vulnerability Scanner on a schedule.
{{quote "A significant number of our users are developing applications on the cloud platform to reduce time-to-market and facilitate development. Therefore, we pay special attention to ensuring that development on the cloud platform is not only fast and convenient, but also safe. The emergence of a vulnerability scanner inside Yandex Cloud will allow you to more effectively build DevSecOps, a secure development practice, "said Grigory Atrepyev, Product Director of Yandex Cloud. }}
According to statistics from the Vulners vulnerability database, on average, more than 70 new security vulnerabilities appear per day. So, in 2022, according to the statistics of the National Institute of Standards and Technologies of the United States, NIST set an anti-record - 25 thousand vulnerabilities were verified.
The scanner can be built into the development pipeline as part of the Yandex Managed Service for Gitlab DevOps platform management service. This will help strengthen the security features built into the service.