Keeping your secrets secret is an ongoing process, but it’s worth the effort. Learn about Docker features you can use to help prevent leaking secrets.
security
5 Developer Workstation Security Best Practices
Learn how Hardened Docker Desktop can help you follow the five most critical developer workstation security best practices.
New in Docker Desktop 4.15: Improving Usability and Performance for Easier Builds
Docker Desktop 4.15 is here, packed with usability upgrades to help you find the images you want, manage your containers, discover vulnerabilities, and more.
Find and Fix Vulnerabilities Faster Now that Docker’s a CNA
Docker is now officially a CNA under MITRE, which means you should get better notifications and documentation when we publish a vulnerability.
Apache Log4j 2 CVE-2021-44228
Update: 13 December 2021 As an update to CVE-2021-44228, the fix made in version 2.15.0 was incomplete in certain non-default configurations. An additional issue was identified and is tracked with CVE-2021-45046. For a more complete fix to this vulnerability, it’s...
Docker Security Roundup: News, Articles, Sessions
With the eyes of the security world converging on Black Hat USA next week, now is a good time to remember that building secure applications is paramount. In the latest chapter in Docker's security story, Docker CTO Justin Cormack last month provided an important...
Level Up Security with Scoped Access Tokens
Scoped tokens are here 💪! Scopes give you more fine grained control over what access your tokens have to your content and other public content on Docker Hub! It’s been a while since we first introduced tokens into Docker Hub (back in 2019!) and we are...
Bringing “docker scan” to Linux
At the end of last year we launched vulnerability scanning options as part of the Docker platform. We worked together with our partner Snyk to include security testing options along multiple points of your inner loop. We incorporated scanning options into the...
New in Docker Hub: Personal Access Tokens
Already available as part of Docker Trusted Registry, personal access tokens can now be used as a substitute for your password in Docker Hub, especially for integrating your Hub account with other tools. You’ll be able to leverage these tokens for authenticating your Hub account from the Docker CLI.