The growth of container usage has created new chal

The growth of container usage has created new chal

first_imgThe growth of container usage has created new challenges for DevOps teams, which is why Black Duck Software announced today that it will be adding container-scanning capabilities to its Hub software.This addition will help DevOps teams map open-source security vulnerabilities for applications. It will also allow them to map Linux distributions and other software in Docker and other Linux containers.As operations and DevOps teams identify container images that are used to support applications, they now can automate identification and verification of open-source component versions, and development teams can get early warnings in the build process if there is a vulnerability or out-of-date version, according to Black Duck’s blog. (Related: Why 2015 was the year of containers)By deploying a containerized scanner on their Docker hosts, users can identify the open-source security vulnerabilities in all layers of any container on that host, the company said. Since containers come from different sources, it’s difficult to detect open-source vulnerabilities and keep them from entering the operating environment.Red Hat, an open-source company, recently collaborated with Black Duck to secure a model for containerized application delivery. During that collaboration, both companies agreed that security concerns for containers need to be addressed.“The potential of containers is significant, but we believe it can only be fully realized in the enterprise if container security—understanding what’s inside the container, and the ability to detect and address vulnerabilities—is addressed,” said Mike Werner, senior director of Global Technology Ecosystems at Red Hat.last_img read more

WebAssembly Core Specification draft provides the

WebAssembly Core Specification draft provides the

first_imgWebAssembly Core Specification draft provides the outline for the core ISA layer of WebAssembly. This paper defines the “instruction set, binary encoding, validation, and execution semantics, as well as a textual representation.” The WebAssembly JavaScript Interface aims to give a JavaScript API for interacting with WebAssembly. It provides examples of how to use the API within WebAssembly and how the WebAssembly Store interacts with JavaScript.The third draft is the WebAssembly Web API, which talks about integration of WebAssembly with the broader web platform. It provides documentation on streaming module compilation and instantiation and developer-facing display conventions. In order to build high-performance apps on the web, developers can look to WebAssembly, which is code that can run in the browser and offers languages a compilation target so they can run apps on the web. It offers fast, safe, and portable semantics, as well as efficient and portable representation. Today, the World Wide Web Consortium’s WebAssembly Working Group published three First Public Working Drafts — WebAssembly Core Specification, WebAssembly JavaScript Interface, and WebAssembly Web API. The group works toward standardizing WebAssembly so that apps have consistent behavior in the web no matter what language they are written in.The authors of the drafts specify that a First Public Working Draft doesn’t imply that the W3C has endorsed it, and that it may be updated or replaced at any time.last_img read more