Nathan McCauley

Your Software is Safer in Docker Containers

The Docker security philosophy is Secure by Default, meaning security should be inherent in the platform for all applications and not a separate solution that needs to be deployed, configured and integrated. Today, Docker Engine supports all of the isolation features available in the Linux kernel. Not only that, but we’ve supported a simple user experience by implementing default configurations that provide greater protection for applications running within the Docker Engine, making strong security the default for all containerized applications while still leaving the controls with the admin to change configurations and policies as needed. But don’t take our word for it. Two independent groups have evaluated Docker Engine for you and recently released statements about the inherent security value of Docker. Gartner analyst Joerg Fritsch recently published a new paper titled How to Secure Docker Containers in Operation in this blog post. In it Fritsch states the following: “Gartner …

Diogo Mónica

A Look Back at One Year of Docker Security

Security is one of the most important topics in the container ecosystem right now, and over the past year, our team and the community have been hard at work adding new security-focused features and improvements to the Docker platform.

Docker Security Team

Notary 0.2 – Delegations and more!

The Notary™ project has been continuing to forge towards 1.0 and we’re pleased to announce our 0.2 release. In addition to various minor improvements and bugfixes we have added some significant features. Read on to find out more!

Adam Herzog

Docker Online Meetup #33: Docker Engine 1.10 Security Enhancements

Earlier today, Dr. Diogo Mónica, Security Lead here at Docker Inc., presented during a Docker Online Meetup that was all about the security enhancements in Docker Engine 1.10! Diogo discussed all of the big security features in Docker Engine 1.10 you’ve been asking for (which are now available to use!) including: user namespacing for isolating system users; seccomp profiles for filtering syscalls; and an authorization plugin system for restricting access to Engine features. Below are the recorded video and slides from today’s Docker Online Meetup. More about Docker 1.10’s huge leap forward for container security is also available to read in this blog post.

Docker Engine 1.10 Security Improvements

It’s been a crazy past few months with DockerCon and the holidays but yet we are still hacking away on the Docker Engine and have some really awesome security features I would like to highlight with the release of Docker Engine 1.10. Security is very important to us and our approach is two-fold; one is to provide a secure foundation on which to build applications and second, to provide capabilities to secure the applications themselves. Docker Engine is the foundation on which you pull, build and run containers and all the features listed below are about giving you more granular controls for access, resources and other kickass stuff… OK, enough with the introduction – let’s get to the good stuff!

Nathan McCauley

Security Release: Docker 1.8.3 and 1.6.2-CS7

As part of our ongoing security efforts, a vulnerability was discovered that affects the way content is stored and retrieved within the Docker Engine. Today we are releasing a security update that addresses this issue in accordance with our coordinated responsible disclosure policy. The new versions and upgrade instructions can be found here for open source users and here for commercially supported customers.

Diogo Mónica

Introducing Docker Content Trust

Image Signing and Verification using The Update Framework (TUF)

A common request that we’ve heard from the Docker community is the need to have strong cryptographic guarantees over what code and what versions of software are being run in your infrastructure. This is an absolute necessity for secure and auditable production deployments. To answer these needs, we are excited to announce a new feature in 1.8 called Docker Content Trust which integrates The Update Framework (TUF) into Docker using Notary, an open source tool that provides trust over any content.

Mario Ponticello

Understanding Official Repos on Docker Hub

What are Official Repositories? Official Repositories (“Repos”) are a curated set of image repositories that contain content packaged and maintained directly by Docker, our upstream partners, and the broader community. The repository itself contains the same software you can get directly from the upstream project, but has been packaged as a Docker repository for distribution on Docker Hub. Currently, there are 74 Official Repos on Docker Hub, and these images have been pulled over 53 million times to build their applications.