With the exponential increase in container adoption, it's more critical than ever for teams to ensure that proper security and threat management infrastructure and practices are in place. This Refcard presents a comprehensive examination of threat detection for containerized environments, spanning several focus areas such as common cloud security architectures and Kubernetes hardening guidelines. And central to this Refcard are the fundamentals of container threat detection, including concepts like resource limits, static image vulnerability scanning, configuration validation, and much more.
Ever since virtualization support went mainstream, developers have started to embrace containerization as a means of enhancing app security. And when used well, it's an excellent approach. Unfortunately, countless things can destroy the security benefits of containerization when overlooked.
But, short of taking some additional coursework on the subject, there aren't many places you can go to learn about the best practices of containerization. And since Docker is the most popular containerization option in the world right now, that seems like a natural place to start. Here are five simple containerization security tips to help you keep your Dockerized apps secure.
Nancy has arrived.
You may also enjoy:
Integrating Docker Solutions Into Your CI/CD Pipeline
Nancy is now wrapped up as a Docker image for execution in a pipeline or via an alias in a terminal.
Nancy is a tool to check for vulnerabilities in your Golang dependencies, powered by Sonatype OSS Index. docker-nancy wraps the nancy executable in a Docker image.
Do you have the keys to unlock DevOps security?
The rapid adoption of container technology, DevOps practices and principals, microservices application architectures, and the rise of Kubernetes as the de facto standard for container orchestration are the key drivers of modern digital transformation. Whether an application is built in the cloud, on-premises, or in hybrid environments using container technologies, or it's being ported to a containerized infrastructure, containerization has clear advantages in terms of scalability, portability, and continuous development and improvement.
In a medium article, Tinder's Engineering Team recently announced their move to Kubernetes to solve scale and stability challenges. Twitter is another company that has announced their own migration from Mesos to Kubernetes. New York Times, Reddit, Airbnb, and Pintrest are just a few more examples.
You are using Docker for development and testing purposes but did not yet take the step to use it in production? Then read on, because in this blog post we will take a look at how you can ensure that you run your Docker containers in a secure way.
The CIS Benchmark
The default Docker installation does not provide us enough security for usage in production. Neither are the numerous examples of Dockerfiles you can find on the web. Even the Dockerfiles in some of our previous blog posts are not production ready. How do we know what to do in order to run our Docker container in a secure way? This brings us to the Center of Internet Security (CIS). The CIS provides best practices for securing IT systems and data against attacks. These best practices are identified and verified by a community of experienced IT professionals. In our case, we will take a look at the CIS Benchmarks page. Here we find a lot of benchmarks for operating systems, devices and software. Within this list, the CIS Benchmark for Docker Community Edition 1.1.0 is available. It is freely downloadable, but you do need to provide your contact details and after that, a download link is sent to your email address. This will also give you access to the other CIS benchmarks.
