YouTube link: https://www.youtube.com/watch?v=kO7skR5yNKo
Demo of Dockerfile Scanning with Fortify Static Code Analyzer (SCA), new with release 20.2 (Nov 2020).
Scanning of Docker Config files
- Help developers create more secure container images as part of the SDL
- Complements scanning base images for known vulnerabilities
- Supports custom rules for use cases such as verifying use of company approved base images
- Dockerfiles in 20.2 (6 vulnerability categories)
- Docker Compose, K8s Helm Charts and Infrastructure as Code in future releases
- Based on CIS Benchmark
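As an added illustration of the "company approved base images" use case above (this is example code written here, not Fortify's rule format, which the video does not show): a small Python checker that walks a Dockerfile's FROM lines against a constructed allowlist, handling multi-stage builds, ARG substitution before FROM, --platform flags, and untagged (implicit :latest) references. The registry name and allowlist contents are assumptions.

```python
import re

# Constructed allowlist: approved image name -> approved tags (assumption;
# a real deployment would load this from a central policy source).
APPROVED_BASE_IMAGES = {
    "registry.example.com/base/python": {"3.11-slim"},
    "registry.example.com/base/alpine": {"3.18", "3.19"},
}

FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(?P<image>\S+)(?:\s+AS\s+(?P<stage>\S+))?\s*$",
    re.IGNORECASE,
)
ARG_RE = re.compile(r"^\s*ARG\s+(?P<name>[A-Za-z_]\w*)(?:=(?P<value>\S*))?", re.IGNORECASE)

def _split_image(ref):
    """Split 'name[:tag][@digest]' into (name, tag, digest)."""
    name, digest = (ref.split("@", 1) + [None])[:2]
    # A ':' after the last '/' is a tag; a ':' before it is a registry port.
    if ":" in name[name.rfind("/") + 1:]:
        name, tag = name.rsplit(":", 1)
    else:
        tag = None
    return name, tag, digest

def check_base_images(dockerfile_text, approved=APPROVED_BASE_IMAGES):
    """Return [(line_no, message)] for FROM lines that do not reference an
    approved, version-pinned base image. Earlier build stages referenced by
    name are not base images and are skipped."""
    findings, args, stages = [], {}, set()
    for line_no, line in enumerate(dockerfile_text.splitlines(), 1):
        m = ARG_RE.match(line)
        if m:  # ARG before FROM may be used in the FROM line (default value)
            args[m.group("name")] = m.group("value") or ""
            continue
        m = FROM_RE.match(line)
        if not m:
            continue
        image = re.sub(r"\$\{?(\w+)\}?", lambda v: args.get(v.group(1), ""), m.group("image"))
        if image in stages:
            continue
        if m.group("stage"):
            stages.add(m.group("stage"))
        name, tag, digest = _split_image(image)
        if name not in approved:
            findings.append((line_no, f"base image '{name}' is not on the approved list"))
        elif tag is None and digest is None:
            findings.append((line_no, f"'{name}' has no tag or digest (implicit :latest)"))
        elif digest is None and tag not in approved[name]:
            findings.append((line_no, f"'{name}:{tag}' is not an approved version"))
    return findings

# Constructed sample Dockerfile: lines 5 and 6 should be reported.
SAMPLE_DOCKERFILE = """\
ARG PY_TAG=3.11-slim
FROM --platform=linux/amd64 registry.example.com/base/python:${PY_TAG} AS builder
RUN pip install --no-cache-dir build
FROM builder AS test
FROM docker.io/library/python:3.11
FROM registry.example.com/base/alpine
"""
```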