Container Security: Supply Chain Security | SUSE Communities

Container Security: Supply Chain Security


For organizations shifting left, security practices that keep pace with accelerated software development and deployment are critical. NeuVector is the only container security platform to enable Security as Code, the easiest way to streamline the incorporation of security policies into the development process. Eliminate tension between development and security. Speed the CI/CD pipeline. Bake security into your DevOps team’s process. Security as Code can supercharge security in your DevOps transformation. Here’s how:

Supply Chain Security

  • No known vulnerabilities, check against 17 vulnerability databases.
  • Compliance with PCI, GDPR, HIPAA, NIST.
  • Control which containers get admitted into your cluster.

Security as Code for DevOps and DevSecOps

As DevOps teams integrate their toolchain to enable automated deployment of container-based applications, one aspect has always slowed down a modern cloud-native pipeline: security. And while automated vulnerability scanning is now standard practice, creating the security policies to protect application workloads in production has largely been a manual process. The use of Kubernetes custom resources to capture and declare an application security policy early in the pipeline now solves this problem.

In order to ‘shift left’ security, developers can take the initial task of creating not only the application deployment manifest but the security manifest. The images are built and automated vulnerability scanning is completed and reviewed by DevOps. Once those steps are passed, DevOps can test both the deployment manifest and the security manifest and provide feedback to developers on the results.


The DevOps team can then deploy new apps together with the security policy for the apps into the production environment, ensuring that apps are secured as soon as they start running in production.

  • Behavioral learning: discover application behavior and services to isolate them from attacks
  • Security Policy as Code: integrate security policy throughout the CI/CD pipeline
  • Streamline communication between security and development


NeuVector: Full Lifecycle Cloud Container Security Platform

NeuVector is the only 100% open source, Zero Trust container security platform. Continuously scan throughout the container lifecycle,  remove security roadblocks, & bake in security policies at the start to maximize developer agility. Get started on kubernetes security by getting NeuVector on GitHub.

Avatar photo
Glen Kosaka Glen is head of product security at SUSE. Glen has more than 20 years of experience in enterprise security, marketing SaaS and infrastructure software. He has held executive management positions at NeuVector, Trend Micro, Provilla, Reactivity, Resonate, Quantum and Rignite.