We recently announced a growing cohort of open source and enterprise vulnerability scanners that now support Chainguard Images. We are excited to add AWS Inspector to that list. As announced today during AWS re:Invent, AWS has added new features and capabilities to its Inspector product to help meet enterprise vulnerability requirements. This includes an established security data connection with Chainguard, so their customers can realize the time savings and the reduction in scanner noise that our Images deliver. Today, this enhancement is available to users of AWS Inspector’s integration with CI/CD pipelines, and AWS has committed to extending this support to scans of ECR and other services by the end of 2024H2.
This growing ecosystem of scanner support enables our customers and community users to continue leveraging the tools and workflows they use today for monitoring and prioritizing vulnerability scan results. Vulnerability scanning tools, along with software composition analysis (SCA) tools, play a critical role in software security today. They are the primary way that organizations surface and find common vulnerabilities and exposures (CVEs).
Chainguard is working hard every day to achieve zero-known CVE counts in our Images. Having support from AWS Inspector is an important step in our product’s growth and effectiveness for enterprise users, who will now be able to verify scan results and validate that they are shipping the most secure builds possible.
Vulnerability scanners can generate false positives (flagging a vulnerability that doesn't exist) or false negatives (missing actual vulnerabilities). This scanner noise can lead to missed compliance milestones, customer frustration, and wasted development time and resources as security teams investigate and remediate non-existent issues or overlook real vulnerabilities.
Chainguard helps to eliminate the burden of false positives and false negatives by conducting daily image rebuilds, which means scan results can work as intended: they provide actionable alerts that require true remediation, rather than leaving teams to worry about which CVEs are worthy of concern. In some cases, we fix vulnerabilities before they’re detected.
Building with Chainguard Images and scanning with a supported scanner helps organizations build software right, from the start. The combination improves security posture by reducing an organization’s attack surface and minimizing false positives, giving engineering and security teams peace of mind and time back to do what they do best – build.
Chainguard Images now available in AWS Marketplace
Procuring Chainguard Images has never been easier. Our Images are now available on the AWS Marketplace – making it easier for existing AWS customers, software developers, enterprises and small and mid-sized businesses (SMBs) to discover, purchase and deploy Chainguard Images from their existing AWS account.
The end of the year is fast approaching and those AWS credits are likely burning a hole in your pocket. Start off the new year right, with clean vulnerability scans and a fresh new image. If you are an existing Chainguard Images customer or user, visit Chainguard Academy to learn more about how your scanner tools work with Chainguard as well as best practices for understanding scanner results.