Containers are often designed to be stateless. That means all state changes made by the application happen in the database, or some external storage. They don’t happen on the container filesystem.
Previously, this made using Cryptosense Analyzer difficult. That’s because our IAST cryptography analysis tool works by tracing the calls an application makes to its cryptography libraries, and writing them to a trace file for later upload to Analyzer.
Now we’ve added an option to our tracer to stream the crypto calls straight to the Analyzer over the network. This gives you an easy way to use it in containerized environments. It also keeps our tracer lightweight, which avoids the performance and stability issues that some other IAST tools suffer. It works with the SaaS or on-prem versions of Analyzer.
That means if you use containers or serverless technologies, you can now automate cryptographic security and compliance testing in your CI/CD toolchain. Get in touch to arrange a trial.