Earlier in the year in this blog post around modern network coverage and container security in InsightVM, we shared Rapid7’s plans to better understand and assess the modern and ever-changing network with Docker and container security. We began by introducing discovery of Docker hosts and images, as well as vulnerability assessment and secure configuration for Docker hosts. With these capabilities you can see where Docker technology lives in your environment and the exposure of your Docker hosts. We know visibility into your modern infrastructure, including vulnerabilities on individual container images is always precious. Today we’re happy to announce the next stage of container security capabilities in InsightVM: Container image assessment and visualization.

Container image visibility

InsightVM is built to provide visibility into your modern infrastructure; it’s the only solution that directly integrates with Azure, AWS, and VMware to automatically monitor your dynamic environments for new assets and vulnerabilities. Now, this visibility extends to vulnerabilities residing within Docker container images.

When performing scans for vulnerabilities, InsightVM collects configuration information about Docker hosts and the images deployed on the host. One of the new ways InsightVM makes this information available is through Liveboards, a dashboard view that is updated in real time.

You can add the Containers Dashboard to get a quick view, or add Container-specific cards to create your own views.

The new cards give you insight into the potential risk posed by containers in your environment, such as:

  • How many container hosts exist in my environment?
  • Which specific assets are container hosts?
  • How many of the container images in my environment have been assessed for vulnerabilities?
  • What are the most commonly deployed container images?

Expanding a card, we can see details of the assets that have been identified as Docker hosts.

You’ll notice new filters available, allowing you to tailor your visualizations based on container image metadata:

We can also drill into the individual hosts and view Container images that reside on the host.

InsightVM also provides simple visibility into container images themselves. Here we see a view of vulnerabilities on packages. From this view we can also explore the specifics of layers that compose a container image.

With InsightVM, getting visibility into container images is easy. However, most development teams working with containers make heavy use of container repositories.

Automatically assessing container registries

In order to get visibility into the risks containers present in your environment at scale, InsightVM offers integration with container registries. InsightVM provides visibility into container images hosted in public and private registries. Here we see a list of registries connected to InsightVM.

InsightVM is configured by default with connections to Docker Hub and Quay.io registries and additional connections may be created:

Registries can contain many images. InsightVM automatically assesses container images in your network within a registry. You can be assured when an image from the repository is deployed in your network, InsightVM will provide visibility to the vulnerabilities and configuration of the image. You can also assess or re-assess images as needed:

These capabilities make Rapid7 a great partner for securing your application development infrastructure; we can now help you:

  1. Assess and secure container images in InsightVM;
  2. Scan production applications for vulnerabilities with InsightAppSec;
  3. Monitor container usage and deployment with InsightOps;
  4. Get a penetration test of your application environment with actionable advice; and
  5. Build out a secure software development life cycle with expert guidance.

For more detailed information on using these capabilities in InsightVM, see our help page here. And of course, if you haven’t done so already, get a trial of InsightVM today and start assessing!