Tigera Enhances Calico Cloud and Calico Enterprise
September 2024 by Marc Jacob
Tigera announced several new features for Calico Cloud and Calico Enterprise. These enhancements improve the efficiency of remediating vulnerabilities in container images, and ensure compatibility with the latest deployment options for OpenShift.
Organizations across nearly every industry and vertical rely on containerized applications to run their business or deliver their products or services. Container orchestrators such as Kubernetes have become the engine for innovation, and as more business-critical applications run on these platforms, the importance of security has become paramount.
Tigera enables DevOps and platform engineering teams to address key requirements for improving the security of their container platforms. The latest release of Calico Cloud advances this initiative by introducing several new capabilities that simplify identifying high-risk container images, improve the signal-to-noise ratio for scanning, and tune container-based threat detection to specific customer environments.
Improved scanning mode that includes third-party vendor assessments
Security practitioners largely rely on the Common Vulnerability Scoring System (CVSS) to understand the severity of a vulnerability in a container image. However, in some cases, a trusted vendor may perform their own analysis of vulnerabilities that affect their software. This may result in the vendor providing justification for lowering the severity and neglecting to provide a fix.
Now, Calico Cloud takes these vendor assessments into account by default to improve accuracy, and will automatically make adjustments to scan results so that teams can focus on remediation efforts on vulnerabilities that do pose a risk to their environment.
Bulk exceptions available in Image Assurance
The new updates to Calico Cloud and Calico Enterprise also bolster managing the “noise floor” for vulnerabilities, allowing users to create exceptions with varying levels of scope in bulk via uploading a CSV file. This gives operators a way to tune their remediation efforts and focus their patching on vulnerabilities that pose the greatest risk to their environment. This CSV file can be generated for scan results using a combination of filters, which helps to streamline the process of creating exceptions and supports approval workflows that may exist outside of Calico Cloud.
Integration with Jira for delegating and tracking remediation
Jira is one of the most popular tools among DevOps and application teams to assign and track work, from feature development to bug fixing or vulnerability remediation.
Calico Cloud now provides an integration with Jira so operators can assign and track remediation directly from the Image Assurance UI. When a ticket is created from a scan result in Calico Cloud, all of the relevant container image and vulnerability details are automatically attached so developers can quickly ascertain the work required for remediation.
Powerful new filtering capabilities
Image Assurance also includes powerful new filtering capabilities to segment scan results by over a dozen different variables that include both runtime and build time metadata. It enables users to achieve greater efficiency in vulnerability management for their cloud native applications.
Customize and tune container-based threat detection
The enhancements to Calico Cloud also improve the accuracy and efficiency of detecting and responding to security events related to container-based threat detection. Administrators can now selectively choose which types of detectors to enable in their cluster, giving teams the ability to phase their deployment and tune and customize threat detection to their environment.
Calico Enterprise adds support for Hosted Control Planes in OpenShift
Calico Enterprise has also added support for Hosted Control Planes, a popular new deployment option for Red Hat OpenShift. Hosted Control Planes allow users to create control planes as pods on a hosting cluster without the need for dedicated virtual or physical machines for each control plane. This allows customers with multiple OpenShift clusters to significantly reduce the footprint and operational costs associated with these platforms.