Reclaim Developer Hours through Smarter Vulnerability Prioritization with Docker and Mend.io

The integration we recently announced between Mend.io and Docker Hardened Images (DHI) provides a seamless framework for managing container security. It automatically distinguishes base image vulnerabilities from application-layer risks and uses VEX statements to separate exploitable vulnerabilities from non-exploitable ones, allowing your team to prioritize what really matters.

TL;DR: The Developer Value Proposition

The hallmark of this integration is its zero-configuration setup.

Automatic Detection: Mend.io identifies DHI base images automatically upon scanning. No manual tagging or configuration is required by the developer.

Visual Indicators: Within the Mend UI, DHI-protected packages are marked with a dedicated Docker icon and informative tooltips, providing immediate transparency into which components are managed by Docker’s hardened foundation.

Transparent Layers: Users can inspect findings by package, layer, and risk factor, ensuring a clear audit trail from the base OS to the custom application binaries.

Dynamic Risk Triage: VEX + Reachability

Standard scanners flag thousands of vulnerabilities that are present in the file system but never executed. This integration uses two layers of intelligence to filter the noise:

Risk Factor Integration: Mend.io incorporates Docker’s VEX (Vulnerability Exploitability eXchange) data as a primary source of “Risk Factor” identification.

The “Not Affected” Filter: If a CVE is marked as not_affected by Docker’s VEX data or determined to be Unreachable by Mend’s analysis, it is deprioritized.

Bulk Suppression: Developers can suppress non-functional risks in bulk—potentially clearing thousands of non-exploitable vulnerabilities with a single click—allowing teams to focus on the 1% of reachable, exploitable risks in their custom layers.

Operationalizing Security with Workflows

Mend.io allows organizations to move beyond simple scanning into automated governance:

SLA & Violation Management: Automatically trigger violations and set remediation deadlines (SLAs) based on vulnerability severity.

Custom Alerts: Configure workflows to receive instant notifications (via email or Jira) whenever a new DHI is added to the environment.

Pipeline Gating: Use Mend’s workflow engine to fail builds only when high-risk, reachable vulnerabilities are introduced in custom code, keeping the CI/CD pipeline moving.
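The "Not Affected" filter and the pipeline gate described above, as an added Python example (not Mend.io's or Docker's code). The OpenVEX-style document, the finding fields (`layer`, `severity`, `reachable`) and every CVE ID and package URL are constructed placeholders.

```python
import json

# Constructed OpenVEX-style document; CVE IDs and package URLs are placeholders.
VEX_DOC = json.loads("""{"statements": [
  {"vulnerability": {"name": "CVE-0000-0001"}, "status": "not_affected",
   "products": [{"@id": "pkg:deb/debian/libexample@1.0"}]},
  {"vulnerability": {"name": "CVE-0000-0002"}, "status": "affected",
   "products": [{"@id": "pkg:deb/debian/libother@2.3"}]}]}""")

# Constructed scanner findings; the field names are assumptions for this example.
# reachable: True / False / None (None = analysis gave no answer).
FINDINGS = [
    {"cve": "CVE-0000-0001", "purl": "pkg:deb/debian/libexample@1.0",
     "layer": "base", "severity": "critical", "reachable": None},
    {"cve": "CVE-0000-0001", "purl": "pkg:npm/example-lib@1.0",
     "layer": "app", "severity": "high", "reachable": True},
    {"cve": "CVE-0000-0002", "purl": "pkg:deb/debian/libother@2.3",
     "layer": "base", "severity": "high", "reachable": True},
    {"cve": "CVE-0000-0003", "purl": "pkg:npm/unused@0.1",
     "layer": "app", "severity": "critical", "reachable": False},
    {"cve": "CVE-0000-0004", "purl": "pkg:npm/maybe@0.2",
     "layer": "app", "severity": "high", "reachable": None},
]

def vex_index(doc):
    """Map (cve, product id) -> status. A statement covers only the products it names."""
    return {(s["vulnerability"]["name"], p["@id"]): s["status"]
            for s in doc.get("statements", []) for p in s.get("products", [])}

def triage(findings, doc):
    """Sort findings into suppress / review / block buckets."""
    idx, out = vex_index(doc), {"suppress": [], "review": [], "block": []}
    for f in findings:
        key = (f["cve"], f["purl"])
        if idx.get(key) == "not_affected" or f["reachable"] is False:
            bucket = "suppress"   # VEX says not affected, or proven unreachable
        elif (f["layer"] == "app" and f["reachable"] is True
              and f["severity"] in ("high", "critical")):
            bucket = "block"      # high-risk, reachable, in the custom layer
        else:
            bucket = "review"     # base-layer or unknown reachability: track, don't gate
        out[bucket].append(key)
    return out

def gate_exit_code(findings, doc):
    """Non-zero (fail the build) only when something landed in 'block'."""
    return 1 if triage(findings, doc)["block"] else 0

if __name__ == "__main__":
    print(json.dumps(triage(FINDINGS, VEX_DOC), indent=2))
    raise SystemExit(gate_exit_code(FINDINGS, VEX_DOC))
```

The second finding shares a CVE ID with a `not_affected` statement but names a different product, so the statement does not suppress it; unknown reachability (`None`) is likewise never treated as unreachable.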

Continuous Patching & AI-Assisted Migration

Automated Synchronization: For Enterprise DHI users, patched base images are automatically mirrored to Docker Hub private repositories. Mend.io verifies these updates, confirming that base-level risks have been mitigated without requiring a manual Pull Request.

Ask Gordon: Leverage Docker’s AI agent to analyze existing Dockerfiles and recommend the most suitable DHI foundation, reducing the friction of migrating legacy applications to a secure environment.

The Mend.io and Docker integration operationalizes this by providing an auditable trail of security declarations, ensuring compliance is a byproduct of the standard development workflow rather than a separate, manual task.

Learn more

Learn more about the integration and Docker’s VEX statements in the following links:

Check Docker Hardened Images documentation: https://docs.docker.com/dhi/ 

Start your free Docker Hardened Image trial: https://hub.docker.com/hardened-images/start-free-trial

Read Mend’s point of view on the benefits of VEX: https://www.mend.io/blog/benefits-of-vex-for-sboms/

Source: https://blog.docker.com/feed/

Oracle Database@AWS is now available in twelve AWS Regions

Oracle Database@AWS is now generally available in five additional AWS Regions: EU-West-1 (Dublin), EU-West-2 (London), AP-South-1 (Mumbai), AP-South-2 (Hyderabad), and AP-Northeast-2 (Seoul). Oracle Database@AWS enables customers to access Oracle Cloud Infrastructure (OCI) managed Oracle Exadata systems within AWS data centers. With this launch, customers in Europe and Asia Pacific with in-region data residency requirements can migrate on-premises Oracle Exadata and Oracle Real Application Clusters (RAC) applications to AWS. Dublin, Mumbai, and Hyderabad are available with two Availability Zones (AZs), while London and Seoul are available with one Availability Zone. Additionally, CA-Central-1 (Canada Central) and AP-Southeast-2 (Sydney) now support two Availability Zones, providing enhanced high availability for production workloads. With this expansion, Oracle Database@AWS services are now available in twelve Regions: US-East-1 (N. Virginia), US-West-2 (Oregon), US-East-2 (Ohio), CA-Central-1 (Canada Central), EU-Central-1 (Frankfurt), EU-West-1 (Dublin), EU-West-2 (London), AP-Northeast-1 (Tokyo), AP-Southeast-2 (Sydney), AP-South-1 (Mumbai), AP-South-2 (Hyderabad), and AP-Northeast-2 (Seoul). To use Oracle Database@AWS services, request a private offer from Oracle through the AWS Marketplace, and use the AWS Management Console to set up and use your databases. To learn more, visit Oracle Database@AWS overview and documentation.
Source: aws.amazon.com

Amazon OpenSearch Service now supports Graviton4 based i8ge instances

Amazon OpenSearch Service now supports i8ge instances, the latest generation of storage optimized instances, offering the best performance for storage-intensive workloads. Powered by AWS Graviton4 processors, I8ge instances deliver up to 60% better compute performance compared to previous generation Graviton2-based storage optimized Im4gn instances. I8ge instances use the latest third generation AWS Nitro SSDs, local NVMe storage that delivers up to 55% better real-time storage performance per TB while offering up to 60% lower storage I/O latency and up to 75% lower storage I/O latency variability compared to previous generation Im4gn instances. Built on the AWS Nitro System, these instances offload CPU virtualization, storage, and networking functions to dedicated hardware and software, enhancing the performance and security of your workloads. I8ge instances are available in sizes up to 18xlarge and 45 TB instance storage. At 112.5 Gbps, these instances have the highest networking bandwidth among storage optimized instances available in Amazon OpenSearch Service. I8ge instances support all OpenSearch versions and Elasticsearch (open source) versions 7.9 and 7.10. Amazon OpenSearch Service supports i8ge instances in the following AWS Regions: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), Europe (Ireland), Europe (Stockholm), Asia Pacific (Malaysia), Asia Pacific (Mumbai), Asia Pacific (Singapore) and Asia Pacific (Sydney). For region-specific availability and pricing, visit our pricing page. To learn more about Amazon OpenSearch Service and its capabilities, visit our product page.
Source: aws.amazon.com

Amazon Bedrock AgentCore Browser adds OS-level interaction capabilities

Amazon Bedrock AgentCore Browser now supports OS-level interaction capabilities, enabling automation of browser workflows that require direct operating system control beyond Chrome DevTools Protocol (CDP) capabilities. This enhancement addresses automation scenarios where CDP alone is insufficient, such as mouse operations, print dialogs, native system alerts, and keyboard shortcuts. The feature serves AI agent developers, test automation engineers, and organizations building LLM-powered web interaction tools. The new capabilities provide automation through mouse operations (click, move, drag, scroll), keyboard operations (type, press, shortcuts like ctrl+a and ctrl+p), and full desktop screenshots, all at OS-level coordinates extending beyond the browser viewport. Key use cases include automated testing with system dialog handling, document management workflows, complex UI interactions with right-click menus, and vision-based AI agents that require complete browser environment visibility. This feature is available by default on all browser instances in all 14 AWS Regions where Amazon Bedrock AgentCore Browser is available: US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Frankfurt), Europe (Ireland), Europe (London), Europe (Paris), Europe (Stockholm), Asia Pacific (Mumbai), Asia Pacific (Singapore), Asia Pacific (Sydney), Asia Pacific (Tokyo), Asia Pacific (Seoul), and Canada (Central). To learn more, visit the AgentCore Browser documentation. 
Source: aws.amazon.com

Amazon Bedrock now offers Claude Mythos Preview (Gated Research Preview)

Amazon Bedrock, the platform for building generative AI applications and agents at production scale, now offers Claude Mythos Preview in gated research preview as part of Project Glasswing. Claude Mythos Preview is Anthropic’s most advanced AI model to date, representing a fundamentally new model class with state-of-the-art capabilities across cybersecurity, software coding, and complex reasoning tasks. The model can identify sophisticated security vulnerabilities in software and demonstrate exploitability, comprehending large codebases and delivering actionable findings with less manual guidance than previous AI models. This enables security teams to accelerate defensive cybersecurity work, find and fix security vulnerabilities in the world’s most critical software, and address these issues before threats emerge. Claude Mythos Preview signals an upcoming wave of AI models with powerful cybersecurity capabilities. Anthropic and AWS are taking a deliberately cautious approach to release, prioritizing internet-critical companies and open-source maintainers whose software and digital services impact hundreds of millions of users. This approach gives defenders the opportunity to strengthen their codebases and share what they learn so the whole industry can benefit. Claude Mythos Preview is available in gated preview in the US East (N. Virginia) Region through Amazon Bedrock. Access is limited to an initial allow-list of organizations. If your organization has been allow-listed, your AWS account team will reach out directly. For AWS CISO Amy Herzog’s perspective on this launch and what it means for the future of cybersecurity, read Building AI Defenses at Scale: Before the Threats Emerge.
Source: aws.amazon.com