2016 was a big year for the virtual container space, and 2017 looks even more promising. The industry saw tremendous growth and continues to evolve at a rapid pace. Containers, being still relatively new, present new challenges in security -- but this year has seen much progress in addressing those challenges.
Working with several customers who are "heavy" adopters of Docker containers, we've seen environments where thousands of Docker images are built on almost a daily basis. Organizations that fully commit to continuous integration often commit developer code into the image build process, which results in images being …
Last month we announced support for Windows containers and automating image scanning as a step in Microsoft VSTS. I'm happy to announce that Aqua supports the new (yet to be officially released) Azure Container Registry, or ACR.
When producing the Docker images that will run as containers, development organizations find themselves with unprecedented influence over the application security posture of their organization.
Yesterday it was revealed that a security researcher who goes by the name avicoder managed to get hold of Vine's source code by accessing their Docker registry. If you're not familiar with Vine, it's a video sharing site that allows users to upload 6 second videos that are very easy to share and re-share. The …
Many communities have thought leaders and exports. In the Docker community they’re called Captains, and if you want to know what’s happening in the Docker community, these are the people to follow.
There’s nothing wrong with seeking help, and that’s especially true for container processes. Third-party Docker tools that help with testing, images, backups and other important procedures are invaluable, even more so when they’re free.
Security is the enterprise’s foremost concern on its way to production adoption of container technology. However, security is never a one-off deal, and in the context of the still nascent container technology that’s especially true.
In the last 2 posts about the main security features in Docker 1.10 we tackled the Authorization plug-in and the Secomp profiles. In this final post we'll focus on the new support for Linux User Namespace.
Before the release of Docker 1.10, a container running under user=root in Docker would have run as root also …
In the first part of this trilogy we focused on Docker 1.10 and its seccomp capabilities. In this post we’ll explore the authorization plug-in architecture, another feature which was released as part of Docker 1.10.