Aqua Blog

Docker Security

Cisco CloudCenter: Docker Privilege Escalation Vulnerability Explained

Cisco announced a few days ago that it discovered and fixed a critical vulnerability in its CloudCenter Orchestrator, whereby a misconfiguration caused the Docker Engine management port to be reachable outside of the CloudCenter Orchestrator system. An attacker could exploit this vulnerability by loading Docker …

The Year That Was (Almost) - 10 Milestones in The Container Ecosystem

2016 was a big year for the virtual container space, and 2017 looks even more promising. The industry saw tremendous growth and continues to evolve at a rapid pace. Containers, being still relatively new, present new challenges in security -- but this year has seen much progress in addressing those challenges.

Docker Images Vulnerability Scanning on a Massive Scale

Working with several customers who are "heavy" adopters of Docker containers, we've seen environments where thousands of Docker images are built on almost a daily basis. Organizations that fully commit to continuous integration often commit developer code into the image build process, which results in images being …

Image Vulnerability Scanning in Azure Container Registry

Last month we announced support for Windows containers and automating image scanning as a step in Microsoft VSTS. I'm happy to announce that Aqua supports the new (yet to be officially released) Azure Container Registry, or ACR.

Docker Image Security: Do It Early, Often, and Continuously

When producing the Docker images that will run as containers, development organizations find themselves with unprecedented influence over the application security posture of their organization.

Vine's Docker Registry "Hack": A Bad Case of RTFM

Yesterday it was revealed that a security researcher who goes by the name avicoder managed to get hold of Vine's source code by accessing their Docker registry. If you're not familiar with Vine, it's a video sharing site that allows users to upload 6-second videos that are very easy to share and re-share. The service …

They Evangelize Containers: Meet 10 Docker Captains

Many communities have thought leaders and experts. In the Docker community they’re called Captains, and if you want to know what’s happening in the Docker community, these are the people to follow.

6 (More) Free Docker Tools to Make Container Deployments Easier

There’s nothing wrong with seeking help, and that’s especially true for container processes. Third-party Docker tools that help with testing, images, backups and other important procedures are invaluable, even more so when they’re free.

Docker 1.11 and CIS Benchmark: What’s New in Security?

Security is the enterprise’s foremost concern on its way to production adoption of container technology. However, security is never a one-off deal, and in the context of the still nascent container technology that’s especially true.

Happy Birthday, Docker!

Docker is but a 3-year-old toddler, but this toddler seems to be on steroids… growing at a pace reminiscent of Species (not that Moby Dock would ever turn into Natasha Henstridge, or start seeking humans to mate with!)

Docker 1.10 Security Features, Part 3: User Namespace

In the last 2 posts about the main security features in Docker 1.10 we tackled the Authorization plug-in and the seccomp profiles. In this final post we'll focus on the new support for Linux User Namespace.

Before the release of Docker 1.10, a container running under user=root in Docker would have run as root also on …
