Docker Security Team

Securing the Enterprise Software Supply Chain Using Docker

At Docker we have spent a lot of time discussing runtime security and isolation as a core part of the container architecture. However, that is just one aspect of the total software pipeline. Instead of a one-time flag or setting, we need to approach security as something that occurs at every stage of the application lifecycle. Organizations must apply security as a core part of the software supply chain where people, code and infrastructure are constantly moving, changing and interacting with each other. If you consider a physical product like a phone, it’s not enough to think about the security of the end product. Beyond the decision of what kind of theft-resistant packaging to use, you might want to know where the materials are sourced from and how they are assembled, packaged and transported. Additionally it is important to ensure Continue reading…

Vivek Saraswat

Docker Datacenter @ DockerCon 2016: Image security, Engine 1.12 and Burning Man…

Interested in learning more about our plans for Docker in the Enterprise and getting involved in an upcoming Docker Datacenter beta? Let’s take a deeper look. On the second day of DockerCon, the keynote used different situations to discuss enterprise use of Docker. Our CEO Ben Golub broke down several fallacies in IT, CTO Keith Fulton of ADP painted a delicious picture of microservices as chicken nuggets, and Lily and I… well, we averted a massive security disaster and got our costumes ready for Burning Man. Aside from shiny sequined jackets (not my normal wardrobe, I promise) and Ben’s enthusiastic “business guy” cameo, we presented a prototype of a future version of Docker Datacenter, our commercial solution for running containers-as-a-service (CaaS) in an on-premises or public cloud enterprise environment. Docker Datacenter is an integrated CaaS platform to securely ship, orchestrate and manage Dockerized Continue reading…

Chris Hines

Webinar Q&A: Scanning Images and Ensuring Secure Content with Docker Security Scanning

A few weeks back we released Docker Security Scanning. The tool formerly known as Nautilus provides binary scanning of images on a layer-by-layer basis. It then provides teams with the actionable intelligence they need in order to ensure they are leveraging secure base images as they build their applications, helping to secure the application delivery pipeline. The feature is available today as a free preview within Docker Cloud.

Toli Kuznets

Docker Security Scanning safeguards the container content lifecycle

Written by Lily Guo, Toli Kuznets and Nandhini Santhanam

Today we announced the general availability of Docker Security Scanning, formerly known as Project Nautilus. Available today as an add-on service to Docker Cloud private repositories and for Official Repositories located on Docker Hub, Security Scanning provides a detailed security profile of your Docker images for proactive risk management and to streamline software compliance. Docker Security Scanning conducts binary level scanning of your images before they are deployed, provides a detailed bill of materials (BOM) that lists out all the layers and components, continuously monitors for new vulnerabilities, and provides notifications when new vulnerabilities are found.
