Twistlock

twistlock

Building the Right Toolbox for a Successful DevSecOps Career

In the beginning, there were developers, and there was operations personnel. As our industry has evolved to support iterative development practices and rapid deployment support, we’ve had to adapt, and the natural evolution was the DevOps engineer — an engineer who could support the entire development process of an application, including quality assurance, deployment, and production support.

twistlock

BOD 19-02: DHS Vulnerability Remediation Requirements

On April 29 of this year, the Department of Homeland Security issued Binding Operational Directive (BOD) 19-02, Vulnerability Remediation Requirements for Internet-Accessible Systems. According to the DHS website “a binding operational directive is a compulsory direction to federal, executive branch, departments and agencies for purposes of safeguarding federal information and information systems.”

twistlock

CVE-2019-5021: Alpine Linux Docker Image Vulnerability

On May 8, 2019, a vulnerability impacting the popular Alpine docker image was announced. The vulnerability is in the default configuration of the /etc/shadow file and the root user account, in versions of Alpine greater than 3.2, the root user is configured with a null password, however the impact of this vulnerability can be mitigated through a configuration change.

twistlock

Red Hat Operator Framework and the Twistlock Console Operator: A Brief Journey

We’re proud to announce that our Twistlock Operator has been certified in the Red Hat Operator Framework Early Access Program and listed on operatorhub.io, in the Red Hat Container Catalog, and in the OpenShift Marketplace. We’re excited about the innovation coming out of the OpenShift, Operators, and broader Red Hat Kubernetes community. In this blog I’ll give a brief overview of how the Operator Framework and Operator SDK made it easy to build an Operator to manage the Twistlock Console.

twistlock

Twistlock Azure Devops Extension: Vulnerability Scanning for Containers and Functions

Many Twistlock users of Azure DevOps have employed the simple YAML example for twistcli scanning of container images in our sample-code repo, but we’ve had numerous requests for a native Azure DevOps Extension (plugin) so users could take advantage of features like graphical pipelines and secrets management.

twistlock

Twistlock Awarded CIS Certification for Six Profiles Across Four Benchmarks

PORTLAND, Ore., April 30, 2019 /PRNewswire/ — Twistlock, the leader in cloud native cybersecurity, announced today that its platform has been certified by CIS Benchmark™ to check its customers’ cloud native applications and infrastructure against the consensus-based best practice standards contained in Kubernetes, Docker, Linux and AWS benchmarks.

twistlock

Twistlock Recommendations Following Docker Hub Compromise

You’ve probably already read about the compromise of Docker Hub leading to the loss of 190,000 credentials. We’ve had customers ask about what this means and what they should think about. So, a few points to consider: There is no impact to Twistlock – even if you install Twistlock from the internet, you’re pulling from our dedicated, self managed registry, completely separate from Docker Hub.

twistlock

2019 Gartner Market Guide for CWPP: What You Need to Know

Gartner released its April 2019 Market Guide for Cloud Workload Protection Platforms, which focuses on emerging trends in cloud native infrastructure and how organizations should secure VMs, containers, and serverless workloads. In the report, Gartner acknowledges Twistlock as a Representative Vendor for Cloud Workload Protection Platforms.