This week is Snyk’s annual SnykCon virtual conference, which aims to connect with the global developer and security communities, and Docker is excited to participate as a gold sponsor for the second year! At last year’s conference, we discussed our partnership with Snyk to incorporate their leading vulnerability scanning across the entire Docker application development lifecycle.
This partnership is just as important this year, as we’ve seen supply chain attacks happening at an alarming rate. In a cloud-native environment, everything you do is defined by code. We said it last year and we’ll say it again: security is vital to successful app development projects, and automating and integrating these security precautions with as little friction to development as possible is key.
Together, Docker and Snyk bring security natively into the development workflow, so developers can automatically scan for image vulnerabilities while developing code rather than afterwards. The whole process is super simple too – you can automatically trigger scans after pushing an image into Docker Hub. Learn more about best practices for scanning and building secure images here. The best part? If you’re a Docker subscriber, you get access to Snyk scanning as part of your subscription!
Supply chain security is top-of-mind for all of us, and Docker CTO Justin Cormack breaks it all down in his session: “Understanding Supply Chain Security for Developers”, on October 7th, from 9:35am-9:55am ET.
Justin’s talk discusses what you can do during development to avoid security breaches and targeted attacks, specifically homing in on:
- Vulnerabilities in dependencies
- Credential management in build
- Static analysis, code review, and ephemeral infrastructure