Docker Official Images are an important component of Docker’s commitment to the security of both the software supply chain and open source software. We address three common misconceptions about Docker Official Images and outline seven ways they help secure the software supply chain.
Docker CTO Justin Cormack looks at what we can learn from malicious code in upstream tarballs of xz targeted at a subset of OpenSSH servers. “It is hard to overstate how lucky we were here, as there are no tools that will detect this vulnerability.”
Find out what makes an image distroless, tools that make the creation of distroless images practical, and security benefits of this approach.
Docker is now providing a free Docker Scout Team subscription to all Docker-Sponsored Open Source (DSOS) program participants.
Learn how to use OpenPubkey to bind public keys to workload identities using GitHub Actions and Docker. And find out how Docker is using OpenPubkey with GitHub Actions to sign Docker Official Images and improve supply chain security.
We show how Docker Scout policies enable teams to identify, prioritize, and fix their software quality issues at the point of creation.
We are excited to announce that Docker Scout General Availability (GA) now allows developers to continuously evaluate container images against a set of out-of-the-box policies, aligned with software supply chain best practices. These new capabilities also include a full suite of integrations enabling you to attain visibility from development into production. These updates strengthen Docker Scout’s position as integral to the software supply chain.
Learn how Hardened Docker Desktop can help you follow the five most critical developer workstation security best practices.
I’m excited to share some big news: Atomist is joining Docker. I know our team will thrive in its new home, and look forward to taking the great stuff we’ve built to a much larger audience. I’ve devoted most of my career to trying to improve developer productivity and...