Slim Adds Vulnerability Prioritization Features for Cloud-Native Teams

Thomas Wood

We are excited to announce that the Slim Platform has launched several new features to help users manage vulnerabilities in their container images. Announced today, in time for Black Hat 2023, we have added Reachability analysis for vulnerability prioritization, a new vulnerability dashboard experience, vulnerability burndown charts, and a Slack integration that alerts teams when an image's vulnerabilities change.

Teams can also "watch" important images in their infrastructure, so that images scanned from your connected registries are monitored continuously.

Previously, users could gain insight into their containers through container profile overviews, but viewing all the repositories across registries at once was not possible. Guidance on how to tackle vulnerability remediation was less clear, and scanning individual images meant navigating to each container image's profile in turn.

With these updates, continuous monitoring, scanning, and per-image vulnerability prioritization across your repositories are easier to manage.

What’s new?

  • Reachability status for vulnerabilities
  • A new Dashboard experience
  • Vulnerability burndown charts
  • Slack Integration for vulnerability diff alerts
  • Continuous image watching across repositories

Reachability for Vulnerability Prioritization

The Reachability feature gives users a prioritized list of the vulnerabilities in an image, ordered by severity, by whether a fix is available, and by whether the affected package is "reachable". After a container is profiled, packages observed running while the Slim system exercises the image are marked "Reachable". This feature extends our container profiling capabilities so that users can assess and prioritize image security issues.

Reachable-package data is combined with our vulnerability information to sort vulnerabilities (prioritization), to filter vulnerability and package lists in the UI, and to enrich the downloadable artifacts. Adding this information to the Packages and Vulnerability scan data helps your team cut through noise and speed up prioritization and remediation work.

Teams can focus on vulnerabilities in Reachable packages first and make more informed decisions about packages that are Unreachable or listed as "Unknown". Keep in mind that Unreachable means the package was not observed running during profiling, so the status is only as reliable as the coverage of the workload used to exercise the image; a package that workload never touched may still be reachable in production.
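To make the prioritization concrete, here is an added example (not Slim's code, and not the platform's actual ranking logic) that ranks scanner findings using the three signals described above. The input shapes, field names, the `EX-` placeholder vulnerability IDs and the package list are constructed for the example; the ordering reachable > severity > fixable is this example's choice, since the page does not state Slim's exact weighting. It also models the "Unknown" bucket as "the image was never profiled", which is an assumption.

```python
"""Rank container-image vulnerabilities by reachability, severity and fixability.

Added example, not Slim's implementation. Input shapes and names are assumptions.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Set

# Ranks are this example's choice; the page does not document Slim's exact weighting.
SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "negligible": 0, "unknown": 0}
REACH_RANK = {"reachable": 2, "unknown": 1, "unreachable": 0}


@dataclass(frozen=True)
class Finding:
    vuln_id: str             # scanner's identifier for the vulnerability (placeholder here)
    package: str             # package name as reported by the scanner
    severity: str
    fixed_in: Optional[str]  # version carrying the fix, or None if no fix is published


def reachability(package: str, observed: Optional[Set[str]]) -> str:
    """Classify one package from a profiling run.

    `observed` is the set of packages seen executing while the image was exercised.
    None means the image was never profiled, so nothing can be said either way
    (modelled here as "unknown", an assumption of this example).
    "unreachable" is an observation, not a proof: a package the profiling workload
    never touched may still be reachable under other inputs.
    """
    if observed is None:
        return "unknown"
    return "reachable" if package in observed else "unreachable"


def prioritize(findings: Iterable[Finding], observed: Optional[Set[str]]) -> List[Dict]:
    """Return findings as dicts, most urgent first: reachable, then severity, then fixable."""
    rows = []
    for f in findings:
        rows.append({
            "id": f.vuln_id,
            "package": f.package,
            "severity": f.severity.lower(),
            "fixable": f.fixed_in is not None,
            "reachability": reachability(f.package, observed),
        })
    # Sort is stable, so findings with identical keys keep scanner order.
    rows.sort(
        key=lambda r: (REACH_RANK[r["reachability"]],
                       SEVERITY_RANK.get(r["severity"], 0),
                       r["fixable"]),
        reverse=True,
    )
    return rows


def bucket_counts(rows: List[Dict]) -> Dict[str, int]:
    """Count findings per reachability bucket: the numbers a dashboard would show."""
    counts = {"reachable": 0, "unreachable": 0, "unknown": 0}
    for r in rows:
        counts[r["reachability"]] += 1
    return counts


# Constructed sample input (not real scan output): four findings, three observed packages.
SAMPLE_FINDINGS = [
    Finding("EX-0001", "libcurl", "high", "8.1.2"),
    Finding("EX-0002", "openssl", "critical", None),
    Finding("EX-0003", "openssl", "critical", "3.0.9"),
    Finding("EX-0004", "zlib", "low", "1.2.13"),
]
SAMPLE_OBSERVED = {"openssl", "zlib", "libc"}

if __name__ == "__main__":
    ranked = prioritize(SAMPLE_FINDINGS, SAMPLE_OBSERVED)
    for row in ranked:
        print(row)
    print(bucket_counts(ranked))
```

With the sample data the fixable critical in the observed `openssl` package comes first, the unfixable critical in the same package second, and the high-severity `libcurl` finding drops to the bottom because the profiling run never exercised it; if the image had not been profiled at all, every finding would land in the Unknown bucket and the order would fall back to severity.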

A New Dashboard Experience

While individuals fix vulnerabilities, we at Slim know that cybersecurity is a team sport. This is why we changed the default view in our platform to a Dashboard view that summarizes Connected Registries, providing more context to over-taxed teams trying to manage and remediate vulnerabilities in their containers.

The Dashboard can be found by clicking the Dashboard link in the top left corner of the navigation menu. This general view displays the number of registries connected and secured by Slim, the ratio of watched to unwatched repositories, the ratio of watched to unwatched image tags, and the total number of images scanned for you. It is deliberately security-focused, highlighting vulnerabilities over container composition.

The Dashboard also lists your Slim-secured repositories in a table showing when each image was last built, its high-severity vulnerability count, and its overall size.

View our Quickstart docs for more details.

Container vulnerability burndown charts

In addition to the many views available when you click into a container image profile, you can now see a vulnerability burndown chart showing how an image's vulnerability history has evolved over time while it has been secured with Slim.

For a deeper dive into the other insights, such as vulnerabilities by package, severity, specific CVE data, file layers, and Dockerfiles, read our documentation on Container Profiles and Vulnerability Scanning. From there you can also begin the hardening process to generate a smaller, more secure container image better suited to production.

View our Quickstart docs for more details.

Slack Integration

If you want your team alerted whenever the vulnerability counts of your images change, set up the Slack integration from Organization settings. The Slim Slack app will request access to your team's workspace so that it can post continuous-monitoring alerts to the Slack channels you choose.

Select one or more channels to receive Vulnerability Diff information on a per-image:tag basis. You can manage the integration from the Organization Settings view whenever you need to edit, delete, or add Slack channels for Slim.
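The "Vulnerability Diff" the integration posts is, at its core, a comparison of two scans of the same image:tag. The following is an added example of that comparison (not Slim's code or message format): it keys findings on the (vulnerability, package) pair so that a CVE fixed in one package but still present in another shows as partial progress, applies a severity threshold before alerting, and renders a plain-text message. The scan shape, the `EX-` placeholder IDs and the `should_alert` threshold are constructed assumptions.

```python
"""Diff two vulnerability scans of one image:tag and render an alert message.

Added example, not Slim's implementation. Scan shape and names are assumptions.
"""
from typing import Dict, Tuple

# A scan is modelled as {(vuln_id, package): severity}. Keying on the pair, not just
# the vuln_id, matters: one CVE can affect two packages in the same image.
Scan = Dict[Tuple[str, str], str]

SEVERITY_RANK = {"critical": 4, "high": 3, "medium": 2, "low": 1, "negligible": 0, "unknown": 0}


def diff_scans(previous: Scan, current: Scan) -> Dict[str, Dict]:
    """Return what appeared, what disappeared, and what changed severity between scans."""
    new = {k: current[k] for k in current.keys() - previous.keys()}
    fixed = {k: previous[k] for k in previous.keys() - current.keys()}
    changed = {k: (previous[k], current[k])
               for k in previous.keys() & current.keys()
               if previous[k] != current[k]}
    return {"new": new, "fixed": fixed, "severity_changed": changed}


def should_alert(diff: Dict[str, Dict], min_severity: str = "high") -> bool:
    """Alert when any new finding meets the threshold, or when anything was fixed.

    Fixed findings are always worth announcing; noise control applies only to new ones.
    The threshold default is this example's choice.
    """
    floor = SEVERITY_RANK[min_severity]
    new_hits = any(SEVERITY_RANK.get(sev.lower(), 0) >= floor for sev in diff["new"].values())
    return new_hits or bool(diff["fixed"])


def render_alert(image_ref: str, diff: Dict[str, Dict]) -> str:
    """Render a compact, deterministic text message (constructed format, not Slim's)."""
    lines = [f"Vulnerability diff for {image_ref}"]
    lines.append(f"  new: {len(diff['new'])}, fixed: {len(diff['fixed'])}, "
                 f"severity changed: {len(diff['severity_changed'])}")
    for (vid, pkg), sev in sorted(diff["new"].items()):
        lines.append(f"  + {vid} in {pkg} [{sev}]")
    for (vid, pkg), sev in sorted(diff["fixed"].items()):
        lines.append(f"  - {vid} in {pkg} [{sev}] fixed")
    for (vid, pkg), (old, cur) in sorted(diff["severity_changed"].items()):
        lines.append(f"  ~ {vid} in {pkg} {old} -> {cur}")
    return "\n".join(lines)


# Constructed sample scans (placeholder IDs, not real advisories).
PREVIOUS_SCAN: Scan = {
    ("EX-0001", "openssl"): "critical",
    ("EX-0001", "libssl-static"): "critical",  # same ID, second package
    ("EX-0002", "libcurl"): "high",
    ("EX-0003", "zlib"): "medium",
}
CURRENT_SCAN: Scan = {
    ("EX-0001", "libssl-static"): "critical",  # openssl copy was fixed, this one was not
    ("EX-0002", "libcurl"): "high",
    ("EX-0003", "zlib"): "high",               # severity re-rated upward
    ("EX-0004", "busybox"): "critical",        # new finding
}

if __name__ == "__main__":
    d = diff_scans(PREVIOUS_SCAN, CURRENT_SCAN)
    if should_alert(d):
        print(render_alert("registry.example/app:1.4.2", d))
```

A rebuilt image that rotates a base layer typically produces a long list of fixed findings alongside a few new ones; the threshold on new findings is what keeps a daily channel readable, while fixes are always reported because they are the signal a burndown chart is built from.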

View our Quickstart docs for more details.

Image Watching

The Slim Platform now lets teams view all repositories that belong to their connected registries. Adding an image to your "Watched Images" list keeps it under continuous monitoring: the platform rescans watched images for vulnerabilities daily, and again each time you open the image's container profile.

To do this, navigate to the Dashboard, click the plus sign in the secured repository table, and use the modal that appears to select a specific image and tag.

Click "Start Watching" to keep that image on your radar! All Watched Images are listed in the Secured Images table.

View our Quickstart docs for more details.

How do I get access to these new features?

Start from the new Dashboard upon logging onto the Slim Platform to unlock all of the new features. View our Quickstart docs for a walkthrough of how to get started with scanning your repositories and leveraging the new features for continuous vulnerability monitoring and remediation.

Additional Documentation & Resources

https://www.slim.ai/docs/changelog

We can’t wait to hear your feedback on this new functionality. Please do not hesitate to contact us in our Slack channel or send your feedback to me via thomas.wood@slim.ai.


Make security collaboration easier today

Join the waitlist to try out Slim's shared workspace for communicating and coordinating vulnerability fixes with your software vendors.

Join our Beta

Take the complexity and frustration out of coordinating vulnerability fixes with your vendors.

  • Communicate directly in the platform to assign owners, due dates and negotiate fixes
  • Get a view into the status of each vulnerability
  • Receive notifications the moment vulnerabilities are fixed

Additionally, our Beta users get access to:

  • Multiple vulnerability scanners
  • SBOM generation
  • Reachability analysis
  • Enhanced container intelligence software
  • Dedicated Support
