Software container supply chain security firm Slim AI Inc. today announced a revamped version of its Continuous Software Supply Chain Security Solution that it says companies can use to find and remove vulnerabilities on an ongoing basis.
In this way, companies can harden their all-important container images and reduce the container attack surface, Slim AI said.
Slim.AI, which raised $31 million in funding earlier this year, provides container optimization tools based on the popular DockerSlim open-source project. Its main offering provides developers with tools to ship secure and production-ready application containers in an automated, repeatable and transparent way. To do this, it has created a holistic, container-based workflow that guides developers through every step as they set up their containers and move them into production.
Software containers are used to host the components of modern applications that can run on any kind of computing infrastructure without change. They’re incredibly popular with developers today, since containers allow them to build applications just once and run them on multiple computing platforms.
Slim.AI said its updated platform adds more security features, including automated container optimization tooling, and creates a better developer experience, with a focus on teams and organization use cases.
With automated container optimization in place, developers who are building containerized software can now find out how many vulnerabilities are removed automatically, and also which ones remain. This is done through Slim.AI’s new multiscanner vulnerability reporting tool, which enables users to scan individual containers, streamline them by removing unnecessary components, then scan them again to identify the volume of threats that have been eliminated.
The system provides full documentation of all vulnerabilities that have been removed, allowing developers to focus their efforts on a much smaller set of threats that remain. Once those are dealt with, developers can push their containers into production with confidence, Slim.AI said. The documentation can also be shared with downstream partners to assure transparency.
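The scan, slim, rescan and document workflow described above boils down to comparing two sets of scanner findings for the same image. The following is an added example, not Slim.AI's code or output: it merges findings from more than one scanner per stage (union, so a finding reported by any scanner counts once), diffs the before and after sets, and produces the kind of removed/remaining summary that could be shared downstream. The sample reports are constructed in a Trivy-like JSON layout (`Results`, `Vulnerabilities`, `VulnerabilityID`, `PkgName`, `InstalledVersion`, `Severity`), and the CVE identifiers are placeholders, not real advisories.

```python
"""Before/after vulnerability diff for a slimmed container image.

Added example (not Slim.AI's tooling). Assumes each scanner emits a
Trivy-like JSON document; the reports below are constructed sample data
with placeholder CVE ids, not real scan output.
"""
import json
from collections import defaultdict

# Constructed: two scanners run against the ORIGINAL image.
BEFORE_REPORTS = [
    {"Results": [{"Target": "app:1.0 (debian 11)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "curl", "InstalledVersion": "7.74.0", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "libxml2", "InstalledVersion": "2.9.10", "Severity": "MEDIUM"},
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "openssl", "InstalledVersion": "1.1.1n", "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-0000-0004", "PkgName": "perl", "InstalledVersion": "5.32.1", "Severity": "LOW"},
    ]}]},
    # Second scanner overlaps with the first on curl and openssl and adds two more.
    {"Results": [{"Target": "app:1.0 (debian 11)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "curl", "InstalledVersion": "7.74.0", "Severity": "HIGH"},
        {"VulnerabilityID": "CVE-0000-0005", "PkgName": "libxml2", "InstalledVersion": "2.9.10", "Severity": "MEDIUM"},
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "openssl", "InstalledVersion": "1.1.1n", "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-0000-0006", "PkgName": "git", "InstalledVersion": "2.30.2", "Severity": "HIGH"},
    ]}]},
]

# Constructed: the same scanners against the SLIMMED image. curl, libxml2,
# perl and git were stripped; openssl is still needed by the application.
AFTER_REPORTS = [
    {"Results": [{"Target": "app:1.0-slim (debian 11)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "openssl", "InstalledVersion": "1.1.1n", "Severity": "CRITICAL"},
    ]}]},
    # This scanner's database was updated between runs and now flags libc6,
    # which neither before-scan reported: the diff must surface it, not hide it.
    {"Results": [{"Target": "app:1.0-slim (debian 11)", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "openssl", "InstalledVersion": "1.1.1n", "Severity": "CRITICAL"},
        {"VulnerabilityID": "CVE-0000-0007", "PkgName": "libc6", "InstalledVersion": "2.31", "Severity": "MEDIUM"},
    ]}]},
]


def load_findings(reports):
    """Merge several scanner reports into {(pkg, version, vuln_id): severity}.

    Union semantics: a finding reported by any scanner is counted once.
    """
    merged = {}
    for report in reports:
        for result in report.get("Results", []):
            for vuln in result.get("Vulnerabilities") or []:
                key = (vuln["PkgName"], vuln["InstalledVersion"], vuln["VulnerabilityID"])
                merged[key] = vuln.get("Severity", "UNKNOWN")
    return merged


def diff_findings(before, after):
    """Split findings into removed (gone after slimming), remaining, and
    introduced (present only after, e.g. a newer vulnerability database)."""
    return {
        "removed": sorted(k for k in before if k not in after),
        "remaining": sorted(k for k in before if k in after),
        "introduced": sorted(k for k in after if k not in before),
    }


def severity_counts(keys, findings):
    """Count findings per severity label for the given keys."""
    counts = defaultdict(int)
    for key in keys:
        counts[findings[key]] += 1
    return dict(counts)


def build_report(before_reports, after_reports):
    """Produce the shareable before/after summary as a plain dict."""
    before = load_findings(before_reports)
    after = load_findings(after_reports)
    diff = diff_findings(before, after)
    reduction = 100.0 * len(diff["removed"]) / len(before) if before else 0.0
    return {
        "before_total": len(before),
        "after_total": len(after),
        "removed": diff["removed"],
        "remaining": diff["remaining"],
        "introduced": diff["introduced"],
        "removed_by_severity": severity_counts(diff["removed"], before),
        "remaining_by_severity": severity_counts(diff["remaining"], after),
        "reduction_percent": round(reduction, 2),
    }


if __name__ == "__main__":
    print(json.dumps(build_report(BEFORE_REPORTS, AFTER_REPORTS), indent=2))
```

Two design points matter in practice. Findings are keyed on package, installed version and vulnerability id rather than on the id alone, so the same CVE in two different packages is not collapsed into one row. And the `introduced` bucket is kept even though stripping files should never add vulnerabilities: a non-empty value means the scanners or their databases differed between the two runs, which is exactly the condition that makes a before/after comparison untrustworthy and is worth flagging before the report is shared downstream.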
Constellation Research Inc. analyst Holger Mueller said containers have become the most popular way for developers to deliver the code that runs modern applications, but as with every new technology it comes with risks and downsides. “The risks in this case are primarily the vulnerabilities in the code,” Mueller explained. “So it’s good to see offerings like Slim.AI that can scan this code, not only flagging but also removing vulnerable code. This is the kind of automation that’s necessary to increase developer velocity and reassure companies they can operate their applications safely in containers.”
Slim.AI said it has worked closely with the data protection startup BigID Inc. to implement its new tooling. BigID sells software that assists companies in securing customer data in order to satisfy privacy regulations, and so it’s essential that the containers it uses are free of vulnerabilities, hardened for production and fully transparent. As such, BigID is leveraging Slim.AI to identify and mitigate vulnerabilities to ensure its containers are as safe as possible, removing unnecessary code, binaries and files and documenting these steps before they’re moved into production.
BigID Director of Software Engineering Gal Malachi said the ability to cut its vulnerability findings in half with a single click has been transformational for his company. It has also seen its container attack surface reduced by more than 60%.
“This is particularly valuable,” Malachi said. “It ultimately makes our job of securing our software easier and validates for our customers that BigID takes security seriously, even in our development process. Removing unneeded libraries from containers is arduous work and takes a lot of manual effort for both developers and security teams. With Slim’s automated solution, we can harden our containers by keeping only what we need for our applications to run.”