Learn how Docker Scout policies can help development and security teams define and achieve an ideal application security posture for organizations.
security
How to Use OpenPubkey to SSH Without SSH Keys
Learn how OpenPubkey SSH (OPK SSH) allows you to use your regular email account or SSO to log in and securely connect to an SSH server.
How to Use OpenPubkey with GitHub Actions Workloads
Learn how to use OpenPubkey to bind public keys to workload identities using GitHub Actions and Docker. And find out how Docker is using OpenPubkey with GitHub Actions to sign Docker Official Images and improve supply chain security.
Using Authenticated Logins for Docker Hub in Google Cloud
Learn four best practices that your teams can implement to maintain a secure and reliable software delivery process with Docker Hub in Google Cloud. With these guidelines, you can leverage the benefits of open source software while safeguarding your development workflow.
Achieve Security and Compliance Goals with Policy Guardrails in Docker Scout
We show how Docker Scout policies enable teams to identify, prioritize, and fix their software quality issues at the point of creation.
Signing Docker Official Images Using OpenPubkey
Learn about the updated Docker Official Images (DOI) signing strategy and how OpenPubkey can be leveraged to smooth the flow and decrease the number of third-party entities the verifier is required to trust.
Security Advisory: High Severity Curl Vulnerability
The maintainers of curl, the popular command-line tool and library for transferring data with URLs, released curl 8.4.0 on October 11, 2023. This version included a fix for two common vulnerabilities and exposures (CVEs), one of which the curl maintainers rate as “HIGH” severity and described as “probably the worst curl security flaw in a long time.” But you can use Docker Scout to check whether you’re using the curl library as a dependency in any of the container images in your organization.
Changes to How Docker Handles Personal Authentication Tokens
Docker is improving the visibility of Docker Desktop and Hub users’ personal access tokens. Specifically, we are changing how tokens are handled across sessions between the two tools. Learn more about this security improvement.
Docker Scout Demo and Q&A
We share highlights from a recent webinar: “Docker Scout: Live Demo, Insights, and Q&A,” which is also now available on-demand.