security
-
New Docker Desktop Enterprise Admin Features: MSI Installer and Login Enforcement Alternative
At Docker, we continuously strive to enhance the ease and security of our platform for all users. We’re excited to launch the general availability for two significant updates: the Docker Desktop MSI installer and a new sign-in enforcement alternative. These updates aim to streamline administration, improve security, and ensure users can take full advantage of…
-
Deprecation of Password Logins on CLI with Docker SSO Enforcement
At Docker, security is a core priority in everything we build. To align with our commitment to provide a secure experience for our developers and organizations, we are announcing an update to Single Sign-On (SSO) enforcement. Starting September 16, 2024, we will deprecate password logins on the Docker CLI when SSO is enforced. SSO enforcement…
-
Zero Trust and Docker Desktop: An Introduction
Today’s digital landscape is characterized by frequent security breaches resulting in lost revenue, potential legal liability, and loss of customer trust. The Zero Trust model was devised to improve an organization’s security posture and minimize the risk and scope of security breaches. In this post, we explore Zero Trust security and walk through several strategies…
-
Docker Scout Health Scores: Security Grading for Container Images in Your Docker Hub Repo
We are thrilled to introduce Docker Scout health scores, our latest feature designed to make software security simpler and more effective for developers. Developer-friendly software security: Docker Scout health scores rate the security and compliance status of container images within Docker Hub, providing a single, quantifiable metric to represent the “health” of an image. This…
-
3 Ways CARIAD Configures Docker Business for Security and Compliance
CARIAD, an automotive software and technology company, unites more than 6,000 global experts and aligns major brands in the Volkswagen Group under one software strategy. Founded in 2020, CARIAD provides solutions to securely and compliantly update the fleet from mere transport to fully integrated digital experiences. CARIAD’s use of Docker provides a framework for embedding…
-
Empowering Developers with Docker: Simplifying Compliance and Enhancing Security for SOC 2, ISO 27001, FedRAMP, and More
The compliance and regulatory landscape is evolving and complicated, and the burden on developers to maintain compliance is not often acknowledged in articles about maintaining SOC 2, ISO 27001, FedRAMP, NIS 2, EU 14028, etc. Docker’s products aim to put power into the developer’s hands to maintain compliance with these requirements and eliminate what can…
-
Docker Security Advisory: AuthZ Plugin Bypass Regression in Docker Engine
Certain versions of Docker Engine have a security vulnerability that could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions, and provides remediation steps for impacted users. Problem: Docker’s default authorization model is all-or-nothing. Users…
-
Understanding the Docker USER Instruction
In the world of containerization, security and proper user management are crucial aspects that can significantly affect the stability and security of your applications. The USER instruction in a Dockerfile is a fundamental tool that determines which user will execute commands both during the image build process and when running the container. By default, if…