Aqua Blog

Docker Security

Scanning Docker Images on a Massive Scale

Docker Images Vulnerability Scanning on a Massive Scale

Working with several customers who are "heavy" adopters of Docker containers, we've seen environments where thousands of Docker images are built on almost a daily basis. Organizations that fully commit to continuous integration often commit developer code into the image build process, which results in images being …

Continue reading ›
ACR blog.jpg

Image Vulnerability Scanning in Azure Container Registry

Last month we announced support for Windows containers and automating image scanning as a step in Microsoft VSTS. I'm happy to announce that Aqua supports the new (yet to be officially released) Azure Container Registry, or ACR.

Continue reading ›
Docker_Image_Security-_1.jpg

Docker Image Security: Do It Early, Often, and Continuously

When producing the Docker images that will run as containers, development organizations find themselves with unprecedented influence over the application security posture of their organization.

Continue reading ›
Vine Docker registry hack

Vine's Docker Registry "Hack": A Bad Case of RTFM

Yesterday it was revealed that a security researcher who goes by the name avicoder managed to get hold of Vine's source code by accessing their Docker registry. If you're not familiar with Vine, it's a video sharing site that allows users to upload 6 second videos that are very easy to share and re-share. The …

Continue reading ›
Docker_captains.jpg

They Evangelize Containers: Meet 10 Docker Captains

Many communities have thought leaders and exports. In the Docker community they’re called Captains, and if you want to know what’s happening in the Docker community, these are the people to follow.

Continue reading ›
Docker tools

6 (More) Free Docker Tools to Make Container Deployments Easier

There’s nothing wrong with seeking help, and that’s especially true for container processes. Third-party Docker tools that help with testing, images, backups and other important procedures are invaluable, even more so when they’re free.

Continue reading ›
containerd2.jpg

Docker 1.11 and CIS Benchmark: What’s New in Security?

Security is the enterprise’s foremost concern on its way to production adoption of container technology. However, security is never a one-off deal, and in the context of the still nascent container technology that’s especially true.

Continue reading ›
docker_3bday_1.jpg

Happy Birthday, Docker!

Docker is but a 3-year-old toddler, but this toddler seems to be on steroids… growing at a pace reminiscent of Species (not that Moby Dock would ever turn into Natasha Henstridge, or start seeking humans to mate with!)

Continue reading ›
DOCKER_1.10-_NAMESPACE.png

Docker 1.10 Security Features, Part 3: User Namespace

In the last 2 posts about the main security features in Docker 1.10 we tackled the Authorization plug-in and the Secomp profiles. In this final post we'll focus on the new support for Linux User Namespace. 

Before the release of Docker 1.10, a container running under user=root in Docker would have run as root also …

Continue reading ›
Docker Security Features 1.10

Docker 1.10 Security Features, Part 2: Authorization Plug-In

In the first part of this trilogy we focused on Docker 1.10 and its seccomp capabilities. In this post we’ll explore the authorization plug-in architecture, another feature which was released as part of Docker 1.10.

Continue reading ›
New Docker Features

New Docker Security Features and What They Mean: Seccomp Profiles

The new Docker 1.10 release has a host of new features, among them several security improvements that merit the attention of anyone using Docker to develop and run applications. I’d like to focus on three of these features in a short series of blogs: Seccomp profiles, Authorization Plug-in, and User Namespace …

Continue reading ›