Docker Enhances Open Source Container Security with Signing and MoreDocker Enhances Open Source Container Security with Signing and More
Security for Linux-based open source containers took another step forward today with Docker's announcement of new ways to verify container images' integrity with hardware signing and scan images for security vulnerabilities.
November 16, 2015
Security for Linux-based open source containers took another step forward today with Docker‘s announcement of new ways to verify container images’ integrity with hardware signing and scan images for security vulnerabilities.
The security features new to Docker include:
Hardware-based signing via Yubico Yubikey 4, which will provide container images with a unique signature. Users can check that signature against the signature of container images they download to ensure that the contents have not been changed.
Content auditing and vulnerability scanning for container images stored in official Docker repositories using Docker Content Trust, which debuted in August.
Granular access control in containers via a new user namespace feature.
Docker is pitching the security enhancements as a way to make containers safer — and therefore more palatable to security-and compliance-minded organizations — without interfering with the flexibility that currently helps to distinguish containers from other types of app-deployment platforms.
The news comes on the heels of CoreOS‘s announcement on Friday that it has launched a new open source tool, called Clair, to help container users on all Linux distributions test containers for security vulnerabilities.
Docker, which oversees development of the most popular open source container-based virtualization platform for deploying apps in the cloud, announced the security initiative at DockerCon in Barcelona on Nov. 16.
About the Author(s)
You May Also Like