"We can finally sleep tight knowing our images are always clean. Vulnerability requests dropped to basically zero – and our developers can stay focused on what actually matters."
Meet Port
Port builds an internal developer portal designed to bring visibility, control, and autonomy to engineering organizations. Used by hundreds of companies and serving tens of millions of API requests each day, the platform serves as a centralized hub for developer experience – offering scorecards, automation, cataloging, and more. Port’s mission is to reduce cognitive load for developers, bringing order and efficiency to increasingly complex R&D stacks.
The vulnerability challenge
The challenge for Port was the scale and complexity of supporting both their own microservice images and 100+ customer-deployed integration images. Large enterprises routinely scanned these images with their own security tools before adoption, and the moment a high-severity CVE appeared, everything else stalled.
“Our more security-oriented customers would scan our integration images with their own tools,” Mor explained. “And when they found vulnerabilities, they expected us to fix them immediately.”
Because each integration image contains slightly different libraries and dependencies, fixes weren’t reusable. A single request often required 1-3 developer days, and with customers relying on multiple integrations at once, even one scan could trigger a series of urgent remediation tasks.
Before echo, Port saw several customer-reported CVE issues every month, each one pulling developers out of sprint work and disrupting product momentum. “We want our customers to have peace of mind using our images,” Mor said, “but the time we spent resolving vulnerabilities was really significant.” Over time, it created a recurring operational drain – roughly a full day every week spent chasing CVEs, triaging discrepancies, and responding to customer security teams instead of developing new features and integrations for them.
The echo solution
Port turned to echo for a way to maintain security without sacrificing velocity. “We actually evaluated a few different options, but echo stood out for its clarity of vision and partner-driven approach.”
echo gave Port continuously updated, CVE-free base images that worked exactly like their existing ones – eliminating rework, customer escalations, and image drift. The implementation process was smooth across both their Ocean integration framework and their internal microservices. “For the integrations, we just did some testing with the new builds, so no code changes were required,” Mor shared. “For the microservices, we made small Dockerfile adjustments, and echo guided us through the entire process.”
Beyond seamless implementation, echo’s single, continuously updated tag eliminated drift and ensured Port always has a clean base image – without any additional work. “In the past, we’d fix an image, switch to a new tag, and have vulnerabilities again. With echo, the tag updates in the background and stays clean,” Mor explained.
Real results and impact
The impact of echo was immediate. “Customer-reported CVE requests have dropped to basically zero,” Mor said, eliminating the urgent escalations that previously pulled DevOps, support, and R&D into fire-drill mode.
Without those mid-sprint interruptions and time-draining remediation cycles across 100+ integrations, Port has saved thousands of developer and security hours each year, translating into $3.2M saved annually. “Our engineers know they won’t get a request asking them to fix something,” Mor explained. “So they can actually focus on development and innovation.”
The improvement has extended beyond operations. Port’s security posture immediately strengthened, with fewer delays in customer onboarding and smoother security reviews. “It intuitively helps with deals because customers know they can trust our images,” Mor said. With echo maintaining clean images in the background, Port can continue scaling confidently with security handled automatically and engineering time invested where it matters most: product innovation.
Takeaway
echo transformed Port’s engineering efficiency, customer experience, and product reliability, all without changing how the team builds or deploys its software. “You need something like echo in your stack as soon as possible. There’s just no downside,” Mor said.
Port’s developers now work without interruption, DevOps no longer chases teams down for fixes, support no longer manages these kinds of escalations, and customers can adopt integrations with full confidence. “With echo, we can count on our images always being clean – and so can our customers.”
