Toli Kuznets

written by Lily Guo, Toli Kuznets and Nandhini Santhanam Today we announced the general availability of Docker Security Scanning, formerly known as Project Nautilus. Available today as an add-on service to Docker Cloud private repositories and for Official Repositories located on Docker Hub, Security Scanning provides a detailed security profile of your Docker images for proactive risk management and to streamline software compliance. Docker Security Scanning conducts binary level scanning of your images before they are deployed, provides a detailed bill of materials (BOM) that lists out all the layers and components, continuously monitors for new vulnerabilities, and provides notifications when new…

Continue reading...
Jessie Frazelle

It’s been a crazy past few months with DockerCon and the holidays but yet we are still hacking away on the Docker Engine and have some really awesome security features I would like to highlight with the release of Docker Engine 1.10. Security is very important to us and our approach is two-fold; one is to provide a secure foundation on which to build applications and second, to provide capabilities to secure the applications themselves. Docker Engine is the foundation on which you pull, build and run containers and all the features listed below are about giving your more granular…

Continue reading...
Diogo Mónica

Three months ago we launched Docker Content Trust, integrating the guarantees from The Update Framework (TUF) into Docker using Notary, an open source tool that provides trust over any content. Today we’re incredibly excited to announce the support of hardware based signing in notary and Docker experimental.

Continue reading...