Today, Canonical announced the availability of its curated set of secure container application images on Amazon ECR Public, complementing the current offering.
Multiple registries, one product
Developers now also have access to the LTS Docker Image Portfolio from the Amazon ECR Public registry. Free and commercial versions of the hardened images are available.
The image portfolio includes fast-moving developer-oriented images, regularly rolling to newer releases of either the application or the Ubuntu base layer. An example MySQL image delivered on top of Ubuntu 20.04 LTS on Amazon ECR Public is at:
docker pull public.ecr.aws/ubuntu/mysql:8.0-20.04_beta
Stable versions of the images with up to five years of free standard security maintenance can be found at:
docker pull public.ecr.aws/lts/mysql:8.0-20.04_beta
Up to ten years of Extended Security Maintenance is available for Canonical customers.
Up to 10-year security commitment
Announced last week, Canonical’s long term commitment to security is expanded to open source applications delivered as container images on Docker Hub. With Ubuntu as the base layer, these images benefit from the five year standard security maintenance period and ten years under Extended Security Maintenance (ESM) on the full stack.
“Although it’s legitimate to ask whether one container image should be kept running for ten years, the likelihood is that some containers may well run in production environments for up to ten years and they need to be secured throughout,” said Valentin Viennot, Product Manager at Canonical. “DevSecOps teams are facing a commensurable technical challenge with containers and we want to remove the risk of discovering new vulnerabilities in existing containers too late, without the skillset to fix them in a reasonable timeframe. The LTS Docker Image Portfolio now offers this expertise on Amazon ECR Public.”
Read more in AWS’ four new container capabilities press release.
Recent surveys found that many popular containers had known vulnerabilities. Container images provenance is critical for a secure software supply chain in production. Benefit from Canonical’s security expertise with the LTS Docker images portfolio, a curated set of application images, free of vulnerabilities, with a 24/7 commitment.