Flexible image scanning
StackRox provides a built-in image scanner to easily discover vulnerabilities in your container images, with options to identify vulnerabilities based on specific languages and packages or by image layer. We also integrate with your existing scanning solution such as Anchore, Google Cloud Container Analysis, Quay, or another one.
Rapid, rich search
StackRox includes search capabilities for fast enumeration, filtering, and discovery of vulnerabilities across your entire environment, allowing you to find and address vulnerabilities more quickly.
StackRox integrates with your CI/CD pipeline to fail a build if it contains an egregious vulnerability. Our software provides the developer details of why the build failed and how to remediate it. You can also block deployments or scale them to zero if they have a vulnerability you deem critical.
Runtime vulnerability discovery
StackRox identifies in real-time vulnerabilities in running deployments rather than just images so that you quickly quantify your actual exposure for streamlined remediation.
Advanced policy enforcement
StackRox enforces policies across the entire lifecycle based on vulnerability information–at build time with CI/CD pipeline integration, at deploy time using dynamic admission control, and at runtime with its Kubernetes-native enforcement. StackRox combines contextual information from your deployment, such as the age of an image or its last scan date, whether a sensitive workload is running with a vulnerability, or if an image is taken from an untrusted public registry, to enforce smarter policies.
It took me a day and a half to track down libssh in our running deployments. With StackRox, I did it with just a few clicks.