Resources Blog Improving Container Security: Docker and More

Improving Container Security: Docker and More

This blog was contributed by Chenxi Wang, Chief Strategy Officer at Twistlock.

Earlier this week, Sonatype announced a strategic partnership with Twistlock. The relationship is incredibly important to furthering automation and security across the software supply chain as it relates to container technologies. For this reason, we invited Chenxi Wang, Chief Strategy Officer from Twistlock, to share some insight on their business and technology here with our community. We’ll also be in Barcelona next week with Twistlock sharing insights with the Docker community at large.

 Screen Shot 2015-11-12 at 2.00.06 PM

Introducing Twistlock

After 6 months and 15 successful beta deployments, Twistlock is announcing the general availability of our container security suite.

Twistlock came out of stealth in May 2015. Since then, we have been working diligently with a select group of beta customers to validate the value of our offerings. This diverse group of 15 beta testers, including Wix, AppsFlyer, and HolidayCheck, spans financial services, hospitality, healthcare, Internet services, and government. These customers confirmed that we are hitting the sweet spot of their most pressing container security needs -- a majority of them already deployed our product into their production environments, protecting live services and customer data.

Today our beta deployments cover these diverse use cases:

  • Process management: Process management is about enforcing certified gold images or prohibiting "banned processes".
  • Auto-scaling: We provide extensive APIs to support auto-scaling of our products with the protected applications, supporting the "protection goes with asset" model.
  • Docker and Kubernetes cluster access management: Twistlock's Access Control engine allows organizations to extend access control policies to Docker and Kubernetes APIs.
  • Airgap deployment: We support complete airgap deployments where the entire Twistlock architecture is deployed inside the customer's firewall with no Internet connections.

Working with these customers helped to deepen our understanding of the security needs for enterprises and enrich our offerings. So with the customers' backing, today we are excited to announce the general availability of the Twistlock Container Security Suite for all organizations.

Sonatype and Twistlock

In conjunction, we announced Sonatype as a strategic partner. Sonatype is a leader in software supply chain management with a tremendous knowledge base of open source software. We are excited to leverage their intelligence and expertise to enrich our offerings.

The partnership with Sonatype represents a defense in depth security strategy. With Twistlock and Sonatype users have coverage from the operating system layer through the application layer and across the entire software development lifecycle. Sonatype’s Nexus Lifecycle solution brings to Twistlock richer software compliance and vulnerability information, not only for open source but also for third-party components that may be included in containers.

Nexus Lifecycle is complemented by Nexus repository managers -- touting 60,000 installations worldwide -- that now provide support as private Docker registries. Together, Twistlock and Sonatype will be able to address hygiene, compliance and security of containers in Nexus Docker registries and other private registries. You will see a lot more from Sonatype and us in the near future!

Google and Twistlock

FInally, we announce that we have joined Google Cloud Platform partnership program and our technology is now available on Google Cloud Platform. The integration with Google Cloud Platform (GCP) will allow GCP users easily leverage Twistlock capabilities to ensure security and compliance of their containers stored in Google Container Registry and protect running containers managed by Google Container Engine. To learn more, read Google’s blog on enhancements to Container Engine, of which Twistlock is a part. Our blog on this integration is here.


To read more about Twistlock, go to, and our blog about GA announcement here.


Picture of Derek Weeks

Written by Derek Weeks

Derek serves as vice president and DevOps advocate at Sonatype and is the co-founder of All Day DevOps -- an online community of 65,000 IT professionals.