Engineering

Debian’s Dedication to Security: A Robust Foundation for Docker Developers

David Dooling
Apr 4, 2024

developers, Docker Official Images, security

We outline how and why Debian operates as a secure basis for development and makes a good choice for Docker Official Images.

OpenSSH and XZ/liblzma: A Nation-State Attack Was Thwarted, What Did We Learn?

Justin Cormack
Apr 1, 2024

Docker CTO Justin Cormack looks at what we can learn from malicious code in upstream tarballs of xz targeted at a subset of OpenSSH servers. “It is hard to overstate how lucky we were here, as there are no tools that will detect this vulnerability.”

Is Your Container Image Really Distroless?

Laurent Goderre
Mar 27, 2024

Find out what makes an image distroless, tools that make the creation of distroless images practical, and security benefits of this approach.

Docker Security Advisory: Multiple Vulnerabilities in runc, BuildKit, and Moby

Gabriela Georgieva
Jan 31, 2024

Docker security advisory about multiple vulnerabilities in runc, BuildKit, and Moby: We will publish patched versions of runc, BuildKit, and Moby on January 31 and release an update for Docker Desktop on February 1 to address these vulnerabilities. Additionally, our latest Moby and BuildKit releases will include fixes for CVE-2024-23650 and CVE-2024-24557, discovered respectively by an independent researcher and through Docker’s internal research initiatives.

Generating SBOMs for Your Image with BuildKit

Justin Chadwell
Jan 24, 2023

Learn how to use BuildKit v0.11 to generate SBOMs so you (and your users) can quickly answer questions about your images and packages.

Announcing Docker Hub OCI Artifacts Support

Milos Gajdos
Oct 31, 2022

We’re excited to announce that Docker Hub can now help you distribute any type of application artifact! You can now keep everything in one place without having to leverage multiple registries. Before today, you could only use Docker Hub to store and distribute...

Security Advisory: High Severity OpenSSL Vulnerabilities

Christian Dupuis
Oct 27, 2022

UPDATE: The OpenSSL Project has officially disclosed two high-severity vulnerabilities: CVE-2022-3602 and CVE-2022-3786. These CVEs impact all OpenSSL versions after 3.0. The sole exception is version 3.0.7, which contains fixes for those latest vulnerabilities. Previously, these CVEs were thought to be “critical.” Learn more here.

How to Implement Decentralized Storage Using Docker Extensions

Marton Elek
Oct 27, 2022

In part one of this two-part series, we discussed the intersection of Web3 and Docker at a conceptual level. Now, it’s time to get our hands dirty and review practical examples involving decentralized storage.

Resolve Vulnerabilities Sooner With Contextual Data

Christian Dupuis
Oct 25, 2022

OpenSSL 3.0.7 and “Text4Shell” won’t be the last critical vulnerabilities to plague your development team. Here’s how contextual data, Docker, and Atomist can help you remediate.