security
-
Sep 14, 2022
What is the Best Container Security Workflow for Your Organization?
Find the best container security workflow for your company with these key takeaways from DockerCon. We’ll cover mindset, structure, toolsets, and more.
-
Feb 9, 2022
The Impacts of an Insecure Software Supply Chain
Today, software regularly integrates open-source code from third-party sources into applications. While this practice empowers developers to create more capable software in a shorter time frame, it brings with it the risk of introducing inadequately vetted code. How aware are we of the security of our open-source code? Most of us use pip or npm…
-
Dec 11, 2021
Apache Log4j 2 CVE-2021-44228
Update: 13 December 2021. As an update to CVE-2021-44228, the fix made in version 2.15.0 was incomplete in certain non-default configurations. An additional issue was identified and is tracked with CVE-2021-45046. For a more complete fix to this vulnerability, it’s recommended to update to Log4j2 2.16.0. Original post below has now been updated: 15…
-
Aug 13, 2021
Building a healthy and secure software supply chain
Securing the software supply chain is now an everyday concern for developers. As attackers increasingly target open-source components as a way to compromise the software supply chain, developers hold the keys to making their projects as secure as they can be. That’s why Docker continues to invest heavily in our developer tools like Docker Desktop…
-
Jul 29, 2021
Docker Security Roundup: News, Articles, Sessions
With the eyes of the security world converging on Black Hat USA next week, now is a good time to remember that building secure applications is paramount. In the latest chapter in Docker’s security story, Docker CTO Justin Cormack last month provided an important update on software supply chain security. He blogged about the publication…
-
Jul 20, 2021
Level Up Security with Scoped Access Tokens
November 2024 update: Read the Docker security documentation to learn about the latest security features. Then, visit the Docker subscriptions page to find a plan that’s right for you. Scoped tokens are here! Scopes give you more fine-grained control over what access your tokens have to your content and other public content on Docker…
-
Jun 9, 2021
Bringing “docker scan” to Linux
At the end of last year we launched vulnerability scanning options as part of the Docker platform. We worked together with our partner Snyk to include security testing options along multiple points of your inner loop. We incorporated scanning options into the Hub, so that you can configure your repositories to automatically scan all the…
-
Sep 19, 2019
New in Docker Hub: Personal Access Tokens
Already available as part of Docker Trusted Registry, personal access tokens can now be used as a substitute for your password in Docker Hub, especially for integrating your Hub account with other tools. You’ll be able to leverage these tokens for authenticating your Hub account from the Docker CLI.