Supply Chain / Insider Attacks
These days, the software running inside containers is itself a complex pyramid of code dependencies on various libraries.

Do you know who has built your dependencies?
Do you trust these developers?
The Risk of Breach
One of the main problems of CI/CD built around containers
The container breaches that keep taking place point to one fundamental issue with containerization: the lack of visibility into what happens inside running containers.
Consider these challenges:
Bespoke malware can bypass antivirus if the attackers first test it against VirusTotal to make sure it is not detected
Attackers may fingerprint all of a container's services and launch an attack as soon as a new vulnerability is disclosed
System event interception will not flag a cryptominer whose activity consists largely of mathematical calculations
A container with no vulnerabilities whatsoever can still be easily exploited if its service relies on a weak password
A GitHub repository can be broken into or typosquatted so that the entire supply chain is trojanised:

For example, attackers may clone the goodpackage.git repository as good-package.git and then trojanise it; such a dependency would be very hard to spot.
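As an added example (not Prevasio's code), a defender-side check for the typosquatting pattern above: it compares each dependency's repository name against a trusted list and flags separator variants such as good-package versus goodpackage, as well as single-character spelling near-misses. The trusted list and dependency URLs are constructed.

```python
# Added example, not Prevasio's code: flag dependency repositories whose
# names are near-misses of trusted names, the pattern described above
# (goodpackage.git cloned as good-package.git). All names are constructed.

def normalize(name: str) -> str:
    """Lower-case and drop separators so good-package == goodpackage."""
    return "".join(ch for ch in name.lower() if ch not in "-_.")

def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, used to catch single-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def repo_name(url: str) -> str:
    """Take the last path component of a git URL and strip the '.git' suffix."""
    name = url.rstrip("/").rsplit("/", 1)[-1]
    return name[:-4] if name.endswith(".git") else name

def find_typosquats(dependencies, trusted, max_distance=1):
    """Return (dependency, trusted_name, reason) for each suspicious entry.

    An entry is suspicious when its repo name is not itself trusted but equals a
    trusted name after normalization, or is within max_distance edits of one.
    """
    findings = []
    for dep in dependencies:
        name = repo_name(dep)
        if name in trusted:
            continue  # exact, trusted spelling: nothing to flag
        for good in trusted:
            if normalize(name) == normalize(good):
                findings.append((name, good, "separator variant"))
                break
            if levenshtein(name.lower(), good.lower()) <= max_distance:
                findings.append((name, good, "near-miss spelling"))
                break
    return findings

if __name__ == "__main__":
    trusted = ["goodpackage", "requests"]
    deps = ["https://github.com/org/goodpackage.git", "https://github.com/org/good-package.git",
            "https://github.com/org/requets.git", "https://github.com/org/unrelated.git"]
    for finding in find_typosquats(deps, trusted):
        print(finding)  # the two flagged entries
```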
The Solution
No single technology can be a magic wand.

Prevasio combines several cutting-edge techniques to make sure an analysed container is free of malware, does not expose weak passwords, has no vulnerabilities, and is bullet-proof against any form of attack.
How It Works
Submitting Dockerfile
A Dockerfile is a 'recipe' with instructions on how to build a container image. Coupled with optional run options and extra commands, it tells Prevasio how to build the image and how to spawn a new container from it.
Building Container Image
Prevasio then creates a new dedicated virtual environment. Next, it builds a new container image inside that environment in accordance with the instructions contained within the received Dockerfile.
Launching Container
Once the image is built, a new container is spawned from that image. This action takes place inside the virtual environment, absolutely decoupled from any production environment.
Static & Dynamic Analysis
The running container is then rigorously analysed, scanned, and subjected to a pen-test. Multiple invasive actions are performed in order to produce a final report with all the findings.
Static & Dynamic Analysis
Instant identification of any security problems within containers using a wide range of techniques
Network Traffic
Full inspection of network traffic, including HTTPS
Vulnerability Scan
Identification of the vulnerable packages/libraries
Automated Pen-Test
Secure pen-testing of the services exposed by containers
ML Scan
Machine Learning classifier of x32/x64 ELF executables
System Event Graph
Visual representation of system events intercepted at kernel level
Security Posture
Reporting of weak/clear-text passwords, GitHub repos, and ports/services exposed to attackers
Copyright © 2020 All Rights Reserved by Prevasio Pty Ltd.