Improving Container Security: Docker and More


This blog was contributed by Chenxi Wang, Chief Strategy Officer at Twistlock.

Earlier this week, Sonatype announced a strategic partnership with Twistlock. The relationship is crucial to furthering automation and security across the software supply chain in terms of container technologies. For this reason, we invited Chenxi Wang, Chief Strategy Officer from Twistlock, to share some insight into their business and technology with our community. We'll also be in Barcelona next week, with Twistlock sharing insights with the Docker community.

Introducing Twistlock

After 6 months and 15 successful beta deployments, Twistlock is announcing the general availability of our container security suite.

Twistlock came out of stealth in May 2015. Since then, we have been working diligently with a select group of beta customers to validate the value of our offerings. This diverse group of 15 beta testers, including Wix, AppsFlyer, and HolidayCheck, spans financial services, hospitality, healthcare, Internet services, and government. These customers confirmed that we are hitting the sweet spot of their most pressing container security needs. Most of them have already deployed our product into their production environments, protecting live services and customer data.

Today, our beta deployments cover these diverse use cases:

  • Process management: Process management is about enforcing certified gold images or prohibiting "banned processes."

  • Auto-scaling: We provide extensive APIs to support auto-scaling of our products with the protected applications, supporting the "protection goes with asset" model.

  • Docker and Kubernetes cluster access management: Twistlock's Access Control engine allows organizations to extend access control policies to Docker and Kubernetes APIs.

  • Air-gap deployment: We support complete air-gap deployments, where the entire Twistlock architecture is deployed inside the customer's firewall with no Internet connections.

Working with these customers helped deepen our understanding of the security needs of enterprises and enrich our offerings. So with the backing of the customers, we are excited to announce the general availability of the Twistlock Container Security Suite for all organizations.

Sonatype and Twistlock

In conjunction, we announced Sonatype as a strategic partner. Sonatype is a leader in software supply chain management with a tremendous knowledge base of open source software. We are excited to leverage their intelligence and expertise to enrich our offerings.

The partnership with Sonatype represents a defense-in-depth security strategy. With Twistlock and Sonatype, users have coverage from the operating system layer through the application layer and across the entire software development life cycle. The Sonatype Lifecycle solution brings to Twistlock richer software compliance and vulnerability information, not only for open source, but also for third-party components that may be included in containers.

Sonatype Nexus Repository complements Sonatype Lifecycle, touting 60,000 installations worldwide that now provide support as private Docker registries. Together, Twistlock and Sonatype can address hygiene, compliance and security of containers in Nexus Docker registries and other private registries. You will see a lot more from Sonatype and us in the near future.

Google and Twistlock

Finally, we announce that we have joined the Google Cloud Platform partnership program, and our technology is now available on Google Cloud Platform. The integration with Google Cloud Platform (GCP) will allow GCP users to easily leverage Twistlock capabilities to ensure security and compliance of their containers stored in Google Container Registry and protect running containers managed by Google Container Engine. To learn more, read Google's blog on enhancements to Container Engine, of which Twistlock is a part. Our blog on this integration is here.

To read more about Twistlock, go to www.twistlock.com, and our blog about GA announcements here.

Written by Derek Weeks

Derek serves as vice president and DevOps advocate at Sonatype and is the co-founder of All Day DevOps -- an online community of 65,000 IT professionals.
