Continuous Security Assessment for the Docker Ecosystem

Cavirin is taking a leadership role in securing the container lifecycle, including co-authoring both the Docker and Kubernetes Security Benchmarks, OS hardening of containers, and registry and Docker image scanning.

Securing the Container Lifecycle from the Beginning

Scanning container images for security issues before they reach production is critical, since container-based applications are often built by composing other images downloaded from registries, some of them untrusted, that can contain serious vulnerabilities. We have automated container security so that it integrates easily into the application development process and the CI/CD pipeline.

If you are implementing containers (Docker/Kubernetes), either on-premises or as part of a cloud deployment, you need to ensure that your workloads are secure. And if you bring in images from a registry, you need to ensure that these are not corrupted. We support both of these scenarios, de-risking your deployments.

Automating the DevOps Security Process - FREE WEBINAR

Join us on Thursday, December 7th at 10:00AM PT as DevSecOps expert and writer Gregory S. Bledsoe (@geek_king on Twitter) provides insight into balancing quickness with security in the DevOps environment. In addition, Dr Ravi Rajamiyeri, VP Engineering at Cavirin, will demonstrate the steps required to secure the container (Docker/Kubernetes) lifecycle.

What you will learn: 

  • The why, the what, and the how of DevSecOps
  • Repackaging security and looking at change as an opportunity
  • How to refine a standard DevOps workflow to address security requirements
  • Automating security through the container lifecycle

Cavirin's automated Docker image scanning looks at and assesses everything within the actual Docker image, including security baselines and whether the system is patched, and can play an important role in the CI/CD pipeline. This is critical, since about a third of all container images found in public or even private registries have vulnerabilities.


OS hardening of the full containerized infrastructure stack removes security holes and unnecessary/corrupt images to provide unsurpassed security in addition to improving container performance.


Cavirin was a key contributor to the CIS Docker v17.06 Benchmark and has embedded the core security guidelines into its platform along with other security and industry compliance frameworks (e.g., HIPAA, PCI, SOC2 and NIST).


Cavirin has taken a leadership role securing the container lifecycle, including co-authoring both Docker and Kubernetes Security Benchmarks from the beginning.
  • Docker CIS Security Benchmark v1.6 (April 2015)
  • Docker CIS Security Benchmark v1.11 (April 2016)
  • Docker CIS Security Benchmark v1.12 (April 2016)
  • Docker CIS Security Benchmark v1.13 (January 2017)
  • Docker CIS Security Benchmark v17.06 (July 2017)
  • Kubernetes CIS Security Benchmark v1.6 (May 2017)
  • Kubernetes CIS Security Benchmark v1.7 (July 2017)
  • Kubernetes CIS Security Benchmark v1.8 (October 2017)
Cavirin's platform integrates and reports results using the current CIS Security Benchmarks as well as other security frameworks.

Capabilities in Container Ecosystem

Cavirin Blog
Docker Security Webinars
  • CIS Kubernetes 1.8 Security Benchmark Released (Cavirin Blog)
  • Cavirin Announces Continuous Security Assessment for Docker (Cavirin Blog)
  • New! - CIS Kubernetes 1.7 Security Benchmark Released (Cavirin Blog)
  • CIS Docker 17.06 Security Benchmark Released (Cavirin Blog)
  • DockerCon 2017 Q&A: Cavirin Will Demonstrate Leadership Role of Securing the Container Lifecycle (
  • CIS Docker 1.13 Benchmark is Now Available (Cavirin Blog)
  • Docker Container Security And STRIDE (Cavirin Blog)
  • Docker Security a Product Manager's View (Cavirin Blog)
  • Confidently Securing Docker on AWS (VIEW)
  • Lifecycle Container & Docker Security - The CISO's Perspective (VIEW)

Securing Docker on AWS (Infographic)

According to Gartner, OS containers are not inherently unsecure, but they are being deployed unsecurely, driven by developers and a need for agility in service development and deployment. Security and risk management leaders must address container security issues around vulnerabilities, visibility, compromise, and compliance. With more than 14M Docker hosts and more than 12B image pulls over the past 3 years, containers are here to stay.

Check out our infographic, Securing Docker on AWS, to find out why a consistent view and continuous security are important when deploying Docker on AWS, how Docker image scanning works, and how to select the right solution for your organization.

Developed specifically for enterprise cloud and container environments

Google Cloud Platform
Microsoft Azure

Meet Pravin Goyal, Director of Information Security and Compliance Engineering at Cavirin

Pravin is a cybersecurity expert and has contributed to various CIS security benchmarks. He has authored the CIS Docker Benchmark (all versions, including the Docker 17.06 benchmark), plus the Kubernetes Security and CIS Quick Cloud Start Benchmarks. He has also set up a CIS community around Google Cloud Platform.

Check out his video, CIS Benchmarking 101, or his latest article, Take a DevOps-first Approach to Security that Leverages Containers.


Contact the Cavirin Sales Team to answer your questions and help you in any way we can.

Cavirin provides security management across physical, public, and hybrid clouds, supporting AWS, Microsoft Azure, Google Cloud Platform, VMware, KVM, and Docker.