Docker CTO Justin Cormack looks at what we can learn from malicious code in upstream tarballs of xz targeted at a subset of OpenSSH servers. “It is hard to overstate how lucky we were here, as there are no tools that will detect this vulnerability.”
Justin Cormack
Docker Acquires Mutagen for Continued Investment in Performance and Flexibility of Docker Desktop
I’m excited to announce that Docker, voted the most-used and most-desired tool in Stack Overflow’s 2023 Developer Survey, has acquired Mutagen IO, Inc., the company behind the open source Mutagen file synchronization and networking technologies that enable...
Announcing Docker SBOM: A step towards more visibility into Docker images
Today, Docker takes its first step in making what is inside your container images more visible so that you can better secure your software supply chain. Included in Docker Desktop 4.7.0 is a new, experimental docker sbom CLI command that displays the SBOM (Software...
Investing In Performance, Trust and Great Experiences for Developers
Docker is nine years old? Seems both like yesterday and a long time ago! The technology world has changed a lot since then, and Docker has played a key role in making it easy for developers to build and ship applications wherever they’re needed. What were the key...
Apache Log4j 2 CVE-2021-44228
Update: 13 December 2021. As an update to CVE-2021-44228, the fix made in version 2.15.0 was incomplete in certain non-default configurations. An additional issue was identified and is tracked with CVE-2021-45046. For a more complete fix to this vulnerability, it’s...
Docker Verified Publisher: Trusted Sources, Trusted Content
Six months since its launch at DockerCon, the Docker Verified Publisher program delivers on its promise to developers and partners alike. The Docker Verified Publisher program means trusted content and trusted sources for the millions of Docker users. At the May 2021...
News from AWS re:Invent – Docker Official Images on Amazon ECR Public
We are happy to announce today that, in partnership with Amazon, Docker Official Images are now available on AWS ECR Public. This is especially exciting because Docker Official Images are some of the most popularly used images on Docker Hub, acting as a key and...
Notary v2 Project Update
Supply chain security is something that has been increasingly important to all of us in the last few years. Almost as important as the global supply chains that are having problems distributing goods around the world! There have been many attacks via the supply chain....
Secure Software Supply Chain Best Practices
Last month, the Cloud Native Computing Foundation (CNCF) Security Technical Advisory Group published a detailed document about Software Supply Chain Best Practices. You can get the full document from their GitHub repo. This was the result of months of work from a...