Diogo Mónica

Docker Security Tools and Upcoming Webinar

I wanted to follow up on our recent security blog post on May 5th introducing the CIS Benchmark and our Docker white paper. Having the documents is useful; however, the ability to easily put these benchmarks into practice is equally important. To do that, I built the Docker Bench for Security, which automates validating a host’s configuration against the CIS Benchmark recommendations. This is the first of many planned tools we aim to bring to the Docker user community in checking and improving the security of their deployments. You can run the Docker Bench for Security as a Docker container with the command below, or simply execute a script from your base host.

Diogo Mónica

Understanding Docker Security and Best Practices

Nathan McCauley and I have been working on a bunch of things since joining Docker. One area that we noticed is lacking is in the availability of information around Docker architecture and best practices in securely configuring and deploying Dockerized applications. This knowledge exists across the vast community of Docker users but we realized that we just haven’t gotten around to writing it down and sharing with everyone else.

As part of that process, Jérôme Petazzoni and I joined representatives from VMware, Rakuten, Cognitive Scale and International Securities Exchange to collaborate with the Center for Internet Security on a benchmark for Docker Engine 1.6. The CIS Security Benchmarks program provides well-defined, unbiased and consensus-based industry best practices to help organizations assess and improve their security.

We believe that unbiased and community-driven benchmarks like this are important in providing …

Diogo Mónica

Secured at Docker – Diogo Mónica and Nathan McCauley

I’m thrilled to officially announce that Nathan McCauley and I are joining Docker to lead the Security Team. Back in 2011, Nathan and I were fortunate enough to join Square just as it was picking up steam. Square disrupted traditional point-of-sale systems by allowing anyone to take credit-card payments on their phone. And with great, disruptive ideas came new and interesting security engineering challenges. During our time at Square we built a wide range of different systems, from a general-purpose cryptography infrastructure, a fully-fledged mutual-TLS micro-service architecture and a small end-to-end encrypted credit-card reader. All of these systems allow Square to move hundreds of millions of dollars per day. We are incredibly proud of what we have achieved at Square but a new opportunity presented itself.

DockerCon EU: Trust and Image Provenance

At DockerCon EU we discussed the opportunities and challenges around trust within Docker. We covered an analysis of the existing state of trust as well as early ideas and proposals for improving trust in the future. We gave a demo of a proof of concept showing what is possible using public key cryptography for establishing trust within the Docker engine.

Scott Johnston

Docker 1.3: signed images, process injection, security options, Mac shared directories

Today we’re pleased to announce the availability of Docker Engine 1.3. With over 750 commits from 45 contributors, this release includes new capabilities as well as lots of quality enhancements. You can get more details in the release notes, but we’ll highlight four of the new features here.

Tech Preview: Digital Signature Verification

First up, in this release, the Docker Engine will now automatically verify the provenance and integrity of all Official Repos using digital signatures. Official Repos are Docker images curated and optimized by the Docker community to be the best building blocks for assembling distributed applications. A valid signature provides an added level of trust by indicating that the Official Repo image has not been tampered with. With Official Repos representing one out of every five downloads from the Docker Hub Registry, this cryptographic verification will provide users with an additional assurance of …

Docker and Security

At the Docker project we’ve been around for less than twelve months but we’ve learnt a lot from some of the open source projects that have come before us. Indeed we’re not shy about talking about the debt we owe to projects like the Linux kernel for our governance and operating models. Like the projects before us, one of the aspects of open source accountability we take very seriously is security. We’re conscious that Docker is an infrastructure project that has been embraced by a wide range of people: from developers building applications locally right up to production deployments, including some of the major PAAS platforms. One of the responsibilities that comes with being deployed in so many places is a serious focus on the security of Docker as a project and a platform. As a result we’ve decided to …

Jérôme Petazzoni

Containers & Docker: How Secure Are They?

This post reviews the various security implications of using Docker to run applications within containers, and how to address them. There are three great areas to consider: the intrinsic security of containers, as implemented by namespaces and cgroups; the specific attack surface of the Docker daemon itself; the “hardening” security features of the kernel and how they interact with containers. We will also discuss how Docker security features compare with other systems.

14 great tutorials on Docker

Here are 14 tutorials and articles written by the community on different subjects that would certainly help you improve your Docker skills in minutes.

- Getting Docker to Run on Linode & Push-button Deployment with Docker by Nick Stinemates – Jun 19 2013 > http://nick.stinemat.es/
- Deploy Java Apps With Docker = Awesome by Nicola Paolucci – Jun 13, 2013 > http://blogs.atlassian.com/2013/06/deploy-java-apps-with-docker-awesome/
- Deploying django using docker by Javed Khan – Jun 14, 2013 > http://agiliq.com/blog/2013/06/deploying-django-using-docker/
- Building Your Own Platform Service Using Docker by Jeff Lindsay & Solomon Hykes at GlueCon 2013 – May 22, 2013 > http://vimeo.com/67284401
- Using Docker to build FireFox by Gregory Szorc – May 19, 2013 > http://gregoryszorc.com/blog/2013/05/19/using-docker-to-build-firefox/