Legacy Mend for Containers
Note: This topic and its subtopics are relevant for the Mend Unified Agent. We recommend using the new Mend CLI and its enhanced capabilities to scan your container images.
The Motivation
The most important aspect of container image security is managing vulnerabilities. Running containers with vulnerabilities exposes the entire system to attack and compromise. Mend helps its customers actively manage and scan the images they use in order to discover and remove known vulnerabilities.
Mend for Containers Overview
Mend for Containers is a suite of products to manage vulnerabilities and compliance through the container lifecycle. It covers all aspects of open-source management in containers and offers a holistic approach for customers who want to ensure security and compliance policies are applied throughout the development lifecycle. In addition to management, policies, and workflows, Mend for Containers provides the option to enforce each of the company's policies at any stage in the DevOps lifecycle: in build tools, in image registries, and in production.
Once an image is created, it is automatically recorded in Mend for Containers. This can happen in a build tool (Jenkins, CircleCI, TeamCity and more) or in one of the image registries (Docker Hub, ECR, Azure Container Service or Artifactory). From that moment on, any change in the image is recorded and saved, and a scan is triggered. At each point, the user can define a 'gate' containing their security and compliance policy.
Mend CLI - Container Image Scanning
This video is an overview of how to use the Mend CLI to scan your container images using a pipeline.