DryDock
Use Cases
Blog
Pricing
Sign In

Container image security with DryDock

Get Started with GitHub

Container Vulnerabilities

What causes vulnerabilities?
  • Over time, vulnerabilities are discovered and patched in the libraries and programs used in container images.
  • Container images are static and do not get these updates, resulting in vulnerable services.
  • This problem of out-of-date images is well-known and widespread. Some images go years without patches.

Reactive Approach

Image Scanning and Scheduled Builds
  • Periodic scanning identifies images that require updates which are done manually.
  • Scheduled image rebuilds run every day to include available patches.
  • These approaches waste compute resources and leave services vulnerable for hours or even days.

Proactive Approach

DryDock Base Image Monitoring
  • Detect changes to base images and trigger builds immediately.
  • Propagate these updates by automatically rebuilding downstream images.
  • Patched images are available in minutes, instead of hours or days.