Secure Software Supply Chain
-
Jul 30, 2024
Docker Scout Health Scores: Security Grading for Container Images in Your Docker Hub Repo
The Docker team introduces Docker Scout health scores to help quickly evaluate image health and simplify software security for developers.
-
Apr 4, 2024
From Misconceptions to Mastery: Enhancing Security and Transparency with Docker Official Images
Docker Official Images are an important component of Docker’s commitment to the security of both the software supply chain and open source software. We address three common misconceptions about Docker Official Images and outline seven ways they help secure the software supply chain.
-
Apr 1, 2024
OpenSSH and XZ/liblzma: A Nation-State Attack Was Thwarted, What Did We Learn?
Docker CTO Justin Cormack looks at what we can learn from malicious code in upstream tarballs of xz targeted at a subset of OpenSSH servers. “It is hard to overstate how lucky we were here, as there are no tools that will detect this vulnerability.”
-
Mar 27, 2024
Is Your Container Image Really Distroless?
Learn what makes an image distroless, tools for building them, and whether distroless containers deliver on performance and security promises.
-
Jan 25, 2024
Announcing Docker Scout Software Supply Chain Solution for Open Source Projects
Docker is now providing a free Docker Scout Team subscription to all Docker-Sponsored Open Source (DSOS) program participants.
-
Dec 21, 2023
How to Use OpenPubkey with GitHub Actions Workloads
Learn how to use OpenPubkey to bind public keys to workload identities using GitHub Actions and Docker. And find out how Docker is using OpenPubkey with GitHub Actions to sign Docker Official Images and improve supply chain security.
-
Nov 9, 2023
Achieve Security and Compliance Goals with Policy Guardrails in Docker Scout
We show how Docker Scout policies enable teams to identify, prioritize, and fix their software quality issues at the point of creation.
-
Oct 4, 2023
Announcing Docker Scout GA: Actionable Insights for the Software Supply Chain
We are excited to announce that Docker Scout General Availability (GA) now allows developers to continuously evaluate container images against a set of out-of-the-box policies, aligned with software supply chain best practices. These new capabilities also include a full suite of integrations enabling you to attain visibility from development into production. These updates strengthen Docker Scout’s position as integral to the software supply chain.