Find out what makes an image distroless, tools that make the creation of distroless images practical, and security benefits of this approach.
docker security
How to Use OpenPubkey to SSH Without SSH Keys
Learn how OpenPubkey SSH (OPK SSH) allows you to use your regular email account or SSO to log in and securely connect to an SSH server.
Security Advisory: High Severity Curl Vulnerability
The maintainers of curl, the popular command-line tool and library for transferring data with URLs, released curl 8.4.0 on October 11, 2023. This version included a fix for two common vulnerabilities and exposures (CVEs), one of which the curl maintainers rate as “HIGH” severity and described as “probably the worst curl security flaw in a long time.” You can use Docker Scout to check whether you’re using the curl library as a dependency in any of the container images in your organization.
Security Advisory: High Severity OpenSSL Vulnerabilities
UPDATE: The OpenSSL Project has officially disclosed two high-severity vulnerabilities: CVE-2022-3602 and CVE-2022-3786. These CVEs impact all OpenSSL versions after 3.0. The sole exception is version 3.0.7, which contains fixes for those latest vulnerabilities. Previously, these CVEs were thought to be “critical.”
Security Advisory: CVE-2022-42889 “Text4Shell”
Learn more about CVE-2022-42889, aka the “Text4Shell” vulnerability in the “Apache Commons Text” Java library, and how Docker Security Scans identify it.
Apache Log4j 2 CVE-2021-44228
Update: 13 December 2021. As an update to CVE-2021-44228, the fix made in version 2.15.0 was incomplete in certain non-default configurations. An additional issue was identified and is tracked with CVE-2021-45046. For a more complete fix to this vulnerability, it’s...
Docker and Snyk Extend Partnership to Docker Official and Certified Images
Today we are pleased to announce that Docker and Snyk have extended our existing partnership to bring vulnerability scanning to Docker Official and certified images. As the exclusive scanning partner for these two image categories, Snyk will work with Docker to...
Docker at SnykCon 2020
We are excited to be a gold sponsor of the inaugural SnykCon virtual conference, a free online event from Snyk taking place this week on October 21-22, 2020. The conference will look at best practices and technologies for integrating development and security teams,...
Improve the Security of Hub Container Images with Automatic Vulnerability Scans
In yesterday’s blog about improvements to the end-to-end Docker developer experience, I was thrilled to share how we are integrating security into image development, and to announce the launch of vulnerability scanning for images pushed to the Hub. This release is one...