Docker Security Team

At Docker we have spent a lot of time discussing runtime security and isolation as a core part of the container architecture. However that is just one aspect of the total software pipeline. Instead of a one time flag or setting, we need to approach security as something that occurs at every stage of the application lifecycle. Organizations must apply security as a core part of the software supply chain where people, code and infrastructure are constantly moving, changing and interacting with each other. If you consider a physical product like a phone, it’s not enough to think about the security…

Continue reading...
Jacqueline Lum

  Continuing our Docker Online meetup series centered on the Docker 1.6 release, we are pleased to share the video recording from Tuesday’s webinar with Stephen Day, distribution tech lead at Docker. In this session, Stephen first gives a little history around the first version of the Docker Registry API V1 before introducing the design of Docker Registry HTTP API V2 and implementation of Registry 2.0. Stephen ends the talk with a preview of the future of Docker image distribution. Check out the video recording and the slides below for more details!

Continue reading...
Scott Johnston

Today we’re pleased to announce the availability of Docker Engine 1.3.  With over 750 commits from 45 contributors, this release includes new capabilities as well as lots of quality enhancements.  You can get more details in the release notes, but we’ll highlight four of the new features here. Tech Preview: Digital Signature Verification First up, in this release, the Docker Engine will now automatically verify the provenance and integrity of all Official Repos using digital signatures. Official Repos are Docker images curated and optimized by the Docker community to be the best building blocks for assembling distributed applications.  A valid signature provides an added…

Continue reading...