Docker is now officially a CNA under MITRE, which means you should get better notifications and documentation when we publish a vulnerability.
security
Apache Log4j 2 CVE-2021-44228
Update: 13 December 2021 As an update to CVE-2021-44228, the fix made in version 2.15.0 was incomplete in certain non-default configurations. An additional issue was identified and is tracked with CVE-2021-45046. For a more complete fix to this vulnerability, it’s...
Docker Security Roundup: News, Articles, Sessions
With the eyes of the security world converging on Black Hat USA next week, now is a good time to remember that building secure applications is paramount. In the latest chapter in Docker's security story, Docker CTO Justin Cormack last month provided an important...
Level Up Security with Scoped Access Tokens
Scoped tokens are here 💪! Scopes give you more fine grained control over what access your tokens have to your content and other public content on Docker Hub! It’s been a while since we first introduced tokens into Docker Hub (back in 2019!) and we are...
Bringing “docker scan” to Linux
At the end of last year we launched vulnerability scanning options as part of the Docker platform. We worked together with our partner Snyk to include security testing options along multiple points of your inner loop. We incorporated scanning options into the...
New in Docker Hub: Personal Access Tokens
Already available as part of Docker Trusted Registry, personal access tokens can now be used as a substitute for your password in Docker Hub, especially for integrating your Hub account with other tools. You’ll be able to leverage these tokens for authenticating your Hub account from the Docker CLI.
What is Notary and why is it important to CNCF?
As you may have heard, the Notary project has been invited to join the Cloud Native Computing Foundation (CNCF). Much like its real world namesake, Notary is a platform for establishing trust over pieces of content. In life, certain important events such as buying a...
Docker Engine 1.10 Security Improvements
It’s been a crazy past few months with DockerCon and the holidays but yet we are still hacking away on the Docker Engine and have some really awesome security features I would like to highlight with the release of Docker Engine 1.10. Security is very important to us...