Secure your software supply chain with Docker
Security businesses demand.
Productivity developers rely on.
Docker allows teams to securely build, share, and run applications across the entire software supply chain.
Docker protects against supply chain attacks and helps to manage developer teams at scale. Docker provides security focused on the developer workstation and software supply chain. Ensure your images, packages, and dependencies are up-to-date and trusted with Trusted Content and Docker Scout. Combined with Hardened Docker Desktop, use Docker with confidence that your developers are working as securely as possible.
Simple and powerful application security designed with developers in mind.
Docker Trusted Content
Pulling and running arbitrary public images opens businesses to security risks, Docker Trusted Content delivers images you can trust with Docker Verified Publishers and Docker Official Images – the most widely trusted images used by developers and development teams as a secure basis for their application development.
With Settings Management, admins can configure Docker Desktop’s settings on client machines throughout their organization. In the new admin-settings.json file, configure important security settings like proxies and network ranges, and ensure that these values can’t be modified by users.
Enhanced Container Isolation
For an extra layer of security, admins can enable Enhanced Container Isolation to ensure that any configurations set with Settings Management cannot be modified by user containers. Enhanced Container Isolation ensures that all containers run unprivileged in the Docker Desktop Linux VM using the Liux user-namespace, as well as introducing a host of other security enhancements.
Docker Scout helps you understand your software better and remediate vulnerabilities faster. Docker Scout provides visibility of the layers within images, and pinpoints the vulnerabilities affecting each specific layer. With recommended remediation paths based on optimizing image builds, Docker Scout brings security to the context in which you’re already working.
Based on the Docker BuildKit project, Docker Build lets you build container images quickly and securely from your code repository. Manage dependencies and secrets so you can build with confidence knowing the secrets won’t be stored in the final image, now with SLSA Provenance and Docker SBOM built in.
Registry Access Management
With Registry Access Management, administrators can ensure that developers using Docker Desktop only access registries that are allowed. Developers can work without risk of accidentally building on untrusted images.
Image Access Management
Create access controls for approved content in Docker Hub to ensure local developer environments are compliant with your organization’s security policies. Manage developer access to content by designating approved image types, like Docker Verified Publisher images or Docker Official Images.