Slim.AI, the Boston-based startup focused on optimizing and securing cloud-native applications, has announced the release of its Automated Container Hardening capability, complete with vulnerability reporting and software bills-of-material for hardened images.
Slim’s continuous supply chain security solution works in both CI/CD processes and Kubernetes implementations. Container Hardening goes beyond “generic” container slimming to produce a hardened container that is both secured for production and can pass the organization’s own tests and policy protocols.
Key Benefits of Automated Container Hardening
- Leverages your own tests, in your own infrastructure: Slim’s new workflow can be implemented using any test suite and run in CI/CD even Kubernetes. This ensures the hardening process is reliable and robust, and removes manual container security work from engineering and DevOps teams.
- Easy to Automate: Slim’s CLI makes scripting easy, and pre-configured examples exist for most major CI platforms.
- Works for any container image: Container Hardening can work on any container image, regardless of base image, language ecosystem, or functionality. It even works on third-party applications whose source code you don’t control.
- Comprehensive Reporting: While some container hardening approaches require proprietary scanning tools, Slim is designed to work with any 3rd-party scanner or SBOM tool. It generates an SBOM, multi-engine vulnerability report, and additional reports that can be shared with stakeholders and customers, every build.
Jit, the company codifying product security for developers, is a Slim.AI Design Partner and has been using the new workflow in production. Jit and the Slim.AI team worked together to integrate Slim’s Automated Container Hardening flow into Jit’s CI/CD pipeline via GitHub actions and a series of tests.
This new functionality removes the work of several developers or teams. On average, organizations report a single vulnerability can cost up to two hours of development time to remediate. Reducing vulnerabilities by 80% in a single process lets teams focus on the risks that matter most.
Automated Container Hardening is currently free to try in the Slim Developer Platform. Teams and organizations hardening containers at scale should contact the Slim team to inquire about their Design Partner program, which offers additional features, support and scale.