Managing vulnerabilities in a cloud native world with bluefix

Abstract

Bluefix is a solution we created for managing the vulnerabilities in a cloud native world where clients operate their own DevOp pipelines and design the same management function and assurance of that of traditional managed services. We show that the challenges imposed by container cloud and DevOp culture requires significant departure of service management design. As a case study, we examined how vulnerabilities are managed in the pre-cloud native vs. post-cloud native world, identified control points in both DevOp pipeline as well as cloud service fabric as to enable a scalable and automated vulnerability management solution for IBM container cloud. Our journey and exploration in this area has only just begun, as the lessons learned and many remaining challenges hold much promise and opportunities.