Home / Companies / CircleCI / Blog / Post Details
Content Deep Dive

How to do vulnerability management with Docker and CI/CD

Blog post from CircleCI

Post Details
Company
Date Published
Author
Tito Villalobos
Word Count
2,809
Company Posts That Month
5
Language
English
Hacker News Points
-
Post removed?
No
Summary

Vulnerability management is a critical, albeit tedious, aspect of maintaining security compliance in modern technical stacks, involving the continuous process of scanning, prioritizing, and patching software vulnerabilities. CircleCI's journey through FedRAMP certification and SOC 2 Type II compliance revealed the necessity of automating vulnerability management, particularly with their Docker-based infrastructure, where patching entails deploying new images rather than traditional server patches. This shift in responsibility from SREs to development teams necessitated educating both internal teams and auditors unfamiliar with Docker's implications on security practices. Initial steps involved manually assessing vulnerabilities using spreadsheets, which later evolved into an automated ticketing system integrated with CI/CD pipelines, enabling seamless vulnerability patching as part of regular workflows. CircleCI's strategy emphasized feedback loops, collaboration with engineering teams, and automation to streamline processes, despite initial resistance and challenges, ultimately leading to a system where vulnerability management is an ongoing, integrated part of software deployment rather than a disruptive event.

Trends Found in this Post
Trend Post Mentions Total Month Mentions Posts Companies MoM
Kubernetes 1 1,085 130 43 -12%
Use This Data

Use this post, company, and trend context to find content marketing opportunities, perform competitive analysis, or address product feature gaps via the Plushcap MCP server or the Plushcap API.