Through a combination of the world’s largest marketplace of components, Docker Hub, and Trusted Content including Docker Official images and Docker Verified Publisher images, vulnerability scanning tools from Synk, and Docker image access management, Docker protects businesses against supply chain attacks and helps to manage developer teams at scale.
Pulling and running arbitrary public images opens businesses to security risks, Docker Trusted Content delivers images you can trust with Docker Verified Publishers and Docker Official Images - the most widely trusted images used by developers and development teams as a secure basis for their application development.
Create access controls for approved content in Docker Hub to ensure local developer environments are safe and to control what content developers can access, i.e. only allow development teams to access Docker Verified Publisher images or Docker Official Images.
Secure your containerized applications with vulnerability scanning. Gain visibility into image vulnerabilities with Docker Scan directly in Docker Desktop and Hub allowing development teams to include vulnerability testing as part of the inner development loop.
With Docker Content Trust, image suppliers and consumers can ensure the end to end authenticity of container images as part of a secure software supply chain. Publishers can sign their images as part of their release cycle, and image users can validate the integrity of the images to confirm they are building on trusted content.
Based on the Docker BuildKit project, Docker Build lets you build container images quickly and securely from your code repository. Manage dependencies and secrets so you can build with confidence knowing the secrets won’t be stored in the final image.