Docker Hardened Images (DHI) now integrates with Black Duck's binary analysis and SCA tools to automatically reduce vulnerability noise in containerized applications. The integration uses VEX (Vulnerability Exploitability eXchange) statements to suppress non-actionable base-image alerts, combines Docker's exploitability data with Black Duck Security Advisories (BDSAs) for faster triage, and supports automated SBOM generation for compliance with regulations like the EU Cyber Resilience Act. Key capabilities include zero-config DHI recognition, layer-specific analysis, CI/CD pipeline gating based on reachable risks, and automated Jira/email workflows for SLA tracking.
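The VEX-based suppression described above, as an added example that is not Docker's or Black Duck's code: a small Python filter that applies OpenVEX statements to scanner findings, keeps anything still under investigation visible, and gates a pipeline on what remains actionable. The VEX document, package URLs and CVE identifiers are constructed placeholders.

```python
# Added example (not Docker's or Black Duck's code): apply OpenVEX statements
# so non-actionable base-image alerts drop out; all data below is constructed.
VEX_DOC = {
    "@context": "https://openvex.dev/ns/v0.2.0",
    "@id": "https://example.invalid/vex/base-image-1",
    "author": "example base image maintainers",
    "timestamp": "2025-01-01T00:00:00Z",
    "version": 1,
    "statements": [  # CVE ids are placeholders, not real advisories
        {"vulnerability": {"name": "CVE-0000-0001"},
         "products": [{"@id": "pkg:deb/debian/libexample@1.0-1"}],
         "status": "not_affected",
         "justification": "vulnerable_code_not_in_execute_path"},
        {"vulnerability": {"name": "CVE-0000-0002"},
         "products": [{"@id": "pkg:deb/debian/libexample@1.0-1"}],
         "status": "under_investigation"},
    ],
}
# Statuses that mean no action is needed; everything else stays visible to triage.
SUPPRESSING = {"not_affected", "fixed"}

def vex_index(vex_doc):
    """Map (vulnerability name, product purl) -> VEX statement."""
    index = {}
    for stmt in vex_doc["statements"]:
        for product in stmt["products"]:
            index[(stmt["vulnerability"]["name"], product["@id"])] = stmt
    return index

def triage(findings, vex_doc):
    """Split findings ({"id", "purl", "layer"}) into (actionable, suppressed)."""
    index = vex_index(vex_doc)
    actionable, suppressed = [], []
    for f in findings:
        stmt = index.get((f["id"], f["purl"]))
        if stmt and stmt["status"] in SUPPRESSING:
            suppressed.append({**f, "reason": stmt.get("justification", stmt["status"])})
        else:
            actionable.append(f)
    return actionable, suppressed

def gate(findings, vex_doc, max_actionable=0):
    """CI/CD gate: pass only when actionable findings are within budget."""
    return len(triage(findings, vex_doc)[0]) <= max_actionable

# Constructed scanner output: two base-image hits and one application-layer hit.
FINDINGS = [
    {"id": "CVE-0000-0001", "purl": "pkg:deb/debian/libexample@1.0-1", "layer": "base"},
    {"id": "CVE-0000-0002", "purl": "pkg:deb/debian/libexample@1.0-1", "layer": "base"},
    {"id": "CVE-0000-0003", "purl": "pkg:npm/example-lib@2.0.0", "layer": "app"},
]
```

Matching is exact on (CVE, purl), so a VEX statement for the base image never silences the same CVE in an application-layer package.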
Table of contents

- TL;DR: The Black Duck + Docker Value Proposition
- A Comprehensive Strategy for Software Integrity
- Deep Visibility with Binary Match & SCA Roadmap
- Dynamic Risk Triage: VEX + BDSA Intelligence
- Operationalizing Security with Automated Workflows
- Get started for free