This blog was contributed by Chenxi Wang, Chief Strategy Officer at Twistlock.
Earlier this week, Sonatype announced a strategic partnership with Twistlock. The relationship is incredibly important to furthering automation and security across the software supply chain as it relates to container technologies. For this reason, we invited Chenxi Wang, Chief Strategy Officer from Twistlock, to share some insight on their business and technology here with our community. We’ll also be in Barcelona next week with Twistlock sharing insights with the Docker community at large.
Twistlock came out of stealth in May 2015. Since then, we have been working diligently with a select group of beta customers to validate the value of our offerings. This diverse group of 15 beta testers, including Wix, AppsFlyer, and HolidayCheck, spans financial services, hospitality, healthcare, Internet services, and government. These customers confirmed that we are hitting the sweet spot of their most pressing container security needs -- a majority of them already deployed our product into their production environments, protecting live services and customer data.
Today our beta deployments cover these diverse use cases:
- Process management: Process management is about enforcing certified gold images or prohibiting "banned processes".
- Auto-scaling: We provide extensive APIs to support auto-scaling of our products with the protected applications, supporting the "protection goes with asset" model.
- Docker and Kubernetes cluster access management: Twistlock's Access Control engine allows organizations to extend access control policies to Docker and Kubernetes APIs.
- Airgap deployment: We support complete airgap deployments where the entire Twistlock architecture is deployed inside the customer's firewall with no Internet connections.
Working with these customers helped to deepen our understanding of the security needs for enterprises and enrich our offerings. So with the customers' backing, today we are excited to announce the general availability of the Twistlock Container Security Suite for all organizations.
Sonatype and Twistlock
In conjunction, we announced Sonatype as a strategic partner. Sonatype is a leader in software supply chain management with a tremendous knowledge base of open source software. We are excited to leverage their intelligence and expertise to enrich our offerings.
The partnership with Sonatype represents a defense in depth security strategy. With Twistlock and Sonatype users have coverage from the operating system layer through the application layer and across the entire software development lifecycle. Sonatype’s Nexus Lifecycle solution brings to Twistlock richer software compliance and vulnerability information, not only for open source but also for third-party components that may be included in containers.
Nexus Lifecycle is complemented by Nexus repository managers -- touting 60,000 installations worldwide -- that now provide support as private Docker registries. Together, Twistlock and Sonatype will be able to address hygiene, compliance and security of containers in Nexus Docker registries and other private registries. You will see a lot more from Sonatype and us in the near future!
Google and Twistlock
FInally, we announce that we have joined Google Cloud Platform partnership program and our technology is now available on Google Cloud Platform. The integration with Google Cloud Platform (GCP) will allow GCP users easily leverage Twistlock capabilities to ensure security and compliance of their containers stored in Google Container Registry and protect running containers managed by Google Container Engine. To learn more, read Google’s blog on enhancements to Container Engine, of which Twistlock is a part. Our blog on this integration is here.