Cisco announced a few days ago that it discovered and fixed a critical vulnerability in its CloudCenter Orchestrator, whereby a misconfiguration caused the Docker Engine management port to be reachable outside of the CloudCenter Orchestrator system. An attacker could exploit this vulnerability by loading Docker …
2016 was a big year for the virtual container space, and 2017 looks even more promising. The industry saw tremendous growth and continues to evolve at a rapid pace. Containers, being still relatively new, present new challenges in security -- but this year has seen much progress in addressing those challenges.
Working with several customers who are "heavy" adopters of Docker containers, we've seen environments where thousands of Docker images are built on almost a daily basis. Organizations that fully commit to continuous integration often commit developer code into the image build process, which results in images being …
Last month we announced support for Windows containers and automating image scanning as a step in Microsoft VSTS. I'm happy to announce that Aqua supports the new (yet to be officially released) Azure Container Registry, or ACR.
When producing the Docker images that will run as containers, development organizations find themselves with unprecedented influence over the application security posture of their organization.
Yesterday it was revealed that a security researcher who goes by the name avicoder managed to get hold of Vine's source code by accessing their Docker registry. If you're not familiar with Vine, it's a video sharing site that allows users to upload 6-second videos that are very easy to share and re-share. The service …
Many communities have thought leaders and experts. In the Docker community they’re called Captains, and if you want to know what’s happening in the Docker community, these are the people to follow.
There’s nothing wrong with seeking help, and that’s especially true for container processes. Third-party Docker tools that help with testing, images, backups and other important procedures are invaluable, even more so when they’re free.
Security is the enterprise’s foremost concern on its way to production adoption of container technology. However, security is never a one-off deal, and in the context of the still nascent container technology that’s especially true.
Docker is but a 3-year-old toddler, but this toddler seems to be on steroids… growing at a pace reminiscent of Species (not that Moby Dock would ever turn into Natasha Henstridge, or start seeking humans to mate with!)
In the last 2 posts about the main security features in Docker 1.10 we tackled the Authorization plug-in and the Seccomp profiles. In this final post we'll focus on the new support for Linux User Namespace.
Before the release of Docker 1.10, a container running under user=root in Docker would have run as root also on …