Security teams are plagued by information overload — the firehose of data pumped out by their security tools. Now some relief is in sight, at least in regards to container security, as OWASP has adopted a new tool that could lessen alert fatigue.
The DockSec security analyzer for Docker containers provides automated vulnerability detection, intelligent remediation suggestions, and compliance enforcement for containerized applications.
Unlike conventional scanners, DockSec offers a developer-friendly experience by integrating directly into CI/CD pipelines and integrated development environments such as VS Code, delivering real-time, context-aware security insights. OWASP said DockSec generates structured security reports in multiple formats (JSON, CSV, HTML, PDF) and provides actionable recommendations based on best practices and compliance benchmarks.
Here’s what you need to know about DockSec — and what it can do for your application security (AppSec) team.
DockSec author Advait Patel said DevSecOps teams can be overwhelmed by hundreds of CVEs when they scan their container images. “All security teams struggle to answer questions like which of these findings are real threats, which are real risks, which should be fixed now, which can be fixed later, and which can be accepted without any risk,” he said.
Most tools are great at detection but fall short on decision support, Patel said. “They will tell you what is vulnerable, but they won’t tell you why it matters and what to do next,” he said.
Advait Patel: “DockSec is designed to fit in the gap between raw findings and actionable understanding. Instead of just reporting vulnerabilities, DockSec actually explains them in plain language.”
The goal: to help teams understand why a particular pattern is risky, where it comes from, and how to fix it in a way that is consistent with how they already work, Patel said. “DockSec makes it easier for them to prioritize real threats, real risks, earlier in the pipeline, rather than after the images are deployed,” he said.
Daniel Kennedy, principal research analyst for the information security channel at S&P Global Market Intelligence, said DockSec could help with one of the most pressing issues in application security: tools reporting more findings than can be addressed functionally. Its approach, he said, is to provide context by explaining vulnerabilities and then using AI to consider the context of the particular environment and suggest fixes.
But, he said, the tool is at an early stage.
Daniel Kennedy: “User feedback will be key to determining whether it successfully meets those goals.”
Vishal Agarwal, CTO of Averlon, said it’s not unusual for security teams to scan hundreds of container images and surface tens of thousands of issues, but many of those are merely build artifacts, test images, or layers that never make it to production. Nonetheless, deployed containers often run with broad network exposure or cloud permissions, he said.
Vishal Agarwal: “Without understanding which containers are actually running, what they can access, and how vulnerabilities combine with configuration and identity, teams struggle to focus on the risks that actually lead to exposure.”
The problem has been compounded by AI coding, said Noelle Murata, a senior security engineer at Iterable. “AI-driven development has accelerated code delivery to machine speed, overwhelming legacy scanners and creating pipeline integrity gaps where malicious images and vulnerable code slip through undetected,” she said.
Noelle Murata: “On top of this velocity problem, teams still can’t get the basics right. Containers continue shipping with root privileges, hardcoded secrets, unpatched base images, and wide-open network configurations — fundamental misconfigurations that have plagued infrastructure security for decades but now propagate at unprecedented scale.”
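The three image-level misconfigurations named above (running as root, hardcoded secrets, unpinned base images) are all visible in a Dockerfile before any image is built, and the explain-why-and-how-to-fix style described earlier in the piece can be illustrated on them. The checker below is an added example written for this article; it is not DockSec’s code, its rule names and messages are this example’s own, and the sample Dockerfile is constructed. It is stage-aware (only the final stage’s USER decides the runtime user) and skips values injected from build args or the environment.

```python
"""Added example: a minimal Dockerfile checker that pairs each finding with a
plain-language reason and a fix. Not DockSec's code; heuristics are this example's own."""
import re
from dataclasses import dataclass

# Env/arg names that usually carry credentials (assumption: a heuristic list).
SECRET_NAME = re.compile(r"(PASS(WORD|WD)?|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)
KV_PAIR = re.compile(r'([A-Za-z_][A-Za-z0-9_]*)=("[^"]*"|\'[^\']*\'|\S*)')


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based Dockerfile line; 0 means "applies to the whole file"
    rule: str
    why: str
    fix: str


def _base_image(arg: str) -> str:
    """Image reference from a FROM argument, ignoring --flags and 'AS name'."""
    tokens = [t for t in arg.split() if not t.startswith("--")]
    return tokens[0] if tokens else ""


def _is_pinned(image: str) -> bool:
    """Digest-pinned or tag-pinned (anything but :latest); 'scratch' has nothing to pin."""
    if image == "scratch" or "@sha256:" in image:
        return True
    name = image.rsplit("/", 1)[-1]   # strip registry/namespace, which may contain ':port'
    return ":" in name and not name.endswith(":latest")


def _pairs(arg: str):
    """Yield (key, value) for ENV/ARG in both 'K=V' and 'K V' forms."""
    if "=" in arg:
        for key, val in KV_PAIR.findall(arg):
            yield key, val.strip("\"'")
    else:
        key, _, val = arg.partition(" ")
        yield key, val.strip()


def lint_dockerfile(text: str) -> list[Finding]:
    """Return findings for root user, hardcoded secrets and unpinned base images.
    Simplification: backslash line continuations are not joined."""
    findings: list[Finding] = []
    final_user = None   # USER in effect in the last stage; None means root by default
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        head = line.split(None, 1)
        instr, arg = head[0].upper(), (head[1] if len(head) > 1 else "")
        if instr == "FROM":
            final_user = None          # every stage starts as root again
            image = _base_image(arg)
            if not _is_pinned(image):
                findings.append(Finding(n, "unpinned-base-image",
                    f"'{image}' resolves to whatever is newest at build time, so the "
                    "image changes silently and its patch state cannot be audited.",
                    "Pin to a specific tag or digest and bump it deliberately."))
        elif instr == "USER":
            final_user = arg.split()[0] if arg.split() else None
        elif instr in ("ENV", "ARG"):
            for key, val in _pairs(arg):
                if SECRET_NAME.search(key) and val and not val.startswith("$"):
                    findings.append(Finding(n, "hardcoded-secret",
                        f"{instr} {key} bakes a credential into image layers/history, "
                        "readable by anyone who can pull the image.",
                        "Inject it at runtime (secrets manager, mounted file) or use "
                        "'RUN --mount=type=secret' for build-time use."))
    if final_user is None or final_user.split(":")[0] in ("root", "0"):
        findings.append(Finding(0, "runs-as-root",
            "The final stage sets no non-root USER, so a process compromise yields "
            "root inside the container and a larger blast radius.",
            "Create an unprivileged user in the image and add 'USER <name>' before the entrypoint."))
    return findings


def report(findings: list[Finding]) -> str:
    """Plain-text report: rule, location, why it matters, what to do."""
    out = []
    for f in findings:
        where = f"line {f.line}" if f.line else "whole file"
        out.append(f"[{f.rule}] {where}\n  why: {f.why}\n  fix: {f.fix}")
    return "\n".join(out)


# Constructed sample exhibiting all three problems; not a real project's Dockerfile.
SAMPLE_DOCKERFILE = """\
# constructed sample
FROM --platform=linux/amd64 python:latest AS build
COPY . /app
WORKDIR /app
RUN pip install -r requirements.txt

FROM python
ENV API_KEY=sk-constructed-example-value
ENV APP_PORT=8080
COPY --from=build /app /app
CMD ["python", "/app/app.py"]
"""

if __name__ == "__main__":
    print(report(lint_dockerfile(SAMPLE_DOCKERFILE)))
```

Running it on the sample reports both unpinned FROM lines, the baked-in API_KEY, and the missing USER in the final stage; a version that pins the base image, declares `ARG API_KEY` without a default, and ends with `USER app` produces no findings.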
This means DockSec is arriving at an opportune time, said Rosario Mastrogiacomo, chief strategy officer at Sphere Technology Solutions. “Container security incidents are becoming more common, largely because containers are now central to how modern applications are built and deployed,” he said.
Rosario Mastrogiacomo: “Organizations are pushing code into production faster than ever through CI/CD pipelines that rely heavily on Docker images, open-source dependencies, and automated builds. That speed and scale make it easy for vulnerabilities, misconfigurations, or insecure base images to move from development to production without being fully understood or reviewed.”
Containers also abstract away underlying infrastructure, which can give teams a false sense of isolation even as attackers increasingly target exposed runtimes, registries, and overly permissive configurations, he said.
Container security incidents are also growing because containers have become the default deployment model for new applications. “Environments now run thousands of short-lived workloads instead of hundreds of long-lived servers,” Averlon’s Agarwal explained. “Teams deploy new images daily or even hourly, and each deployment introduces new dependencies, configurations, and permissions. That combination of scale and deployment velocity has outpaced traditional security operations, which were never designed to reason about risk under that level of churn.”
The escalation in container security incidents appears to be following a pattern seen before, Iterable’s Murata said. “It echoes the security challenges we saw with hypervisors during earlier virtualization waves. AI-accelerated development is now pushing code into containers faster than security practices can keep pace, while attackers exploit the same fundamental issues that plagued virtualization — privilege escalation, inadequate isolation, resource contention, and the ability to break out of sandboxed environments to compromise the underlying infrastructure.”
Noelle Murata: “The core vulnerabilities remain familiar — misconfigurations, weak network segmentation, unverified images — but the speed and scale at which they’re being introduced has intensified dramatically, creating what amounts to history repeating itself at machine speed.”
Murata said tools such as DockSec demonstrate that the industry is finally learning from the hypervisor mistakes of the past by building context-aware, automated controls that can operate at machine speed.
Noelle Murata: “The path forward requires immediately implementing zero-trust architectures, forced verification of updates, and AI-driven security tooling that eliminates the noise and ambiguity that have paralyzed teams for decades.”
And while DockSec is a move in the right direction, she said, we must “act with urgency by treating developer workstations as untrusted, mandating cryptographic integrity at every layer, and refusing to repeat the voluntary upgrade failures that enabled six-month compromises in critical infrastructure.”
Neil Carpenter, principal solution architect at Minimus, said reducing alert fatigue is central to improving container security. “Having strong baseline tools to provide developers with actionable approaches to remediate the right risks is a great step forward here, particularly when combined with [Secure by Design] approaches that eliminate swathes of alerts up front through guardrails that prevent introductions of vulnerabilities and misconfigurations,” he said.
However, he cautioned that organizations need to apply additional rigor when consuming AI-generated remediation guidance.
Neil Carpenter: “While models have gotten better, I still frequently see examples of remediation steps generated by LLMs that are plausible but, with expert analysis, may ultimately not address the risk or introduce other problems.”
Sphere Technology’s Mastrogiacomo said container security has evolved beyond a pure tooling problem. “It’s now a workflow and governance challenge. As pipelines become more automated and increasingly influenced by AI-driven tooling, organizations need security controls that are explainable, actionable, and continuous,” he said.
Rosario Mastrogiacomo: “Projects like DockSec are important because they reflect this shift, emphasizing clarity and prevention over after-the-fact scanning. The goal isn’t to surface more vulnerabilities. It’s to help teams fix the right problems at the right time without slowing down delivery.”