-
Zero Trust and Docker Desktop: An Introduction
Today’s digital landscape is characterized by frequent security breaches resulting in lost revenue, potential legal liability, and loss of customer trust. The Zero Trust model was devised to improve an organization’s security posture and minimize the risk and scope of security breaches. In this post, we explore Zero Trust security and walk through several strategies…
Read now
-
Docker Best Practices: Understanding the Differences Between ADD and COPY Instructions in Dockerfiles
COPY vs. ADD tl;dr: When you search for “Dockerfile best practices,” one of the suggestions you will find is that you always use the COPY instruction instead of the ADD instruction when adding files into your Docker image. This blog post will explore why this suggestion exists by providing additional detail on the functionality of…
Read now
-
Docker Scout Health Scores: Security Grading for Container Images in Your Docker Hub Repo
We are thrilled to introduce Docker Scout health scores, our latest feature designed to make software security simpler and more effective for developers. Developer-friendly software security Docker Scout health scores rate the security and compliance status of container images within Docker Hub, providing a single, quantifiable metric to represent the “health” of an image. This…
Read now
-
Docker Desktop 4.33: GA Releases of Docker Debug and Docker Build Checks Plus Enhanced Configuration Integrity Checks
Key features of the Docker Desktop 4.33 release include: Docker Debug GA release Docker Build checks GA release Configuration integrity check UX improvements Docker Desktop 4.33 is packed with powerful new features designed to elevate your container development experience. Docker Desktop 4.33 includes GA releases of Docker Debug and Docker Build checks, and significant UX…
Read now
-
Introducing Docker Build Checks: Optimize Dockerfiles with Best Practices
Today, we’re excited to announce the release of Docker Build checks with Docker Desktop 4.33. Docker Build checks help your team learn and follow best practices for building container images. When you run a Docker Build, you will get a list of warnings for any check violations detected in your build. Taking a proactive approach…
Read now
-
Empowering Developers with Docker: Simplifying Compliance and Enhancing Security for SOC 2, ISO 27001, FedRAMP, and More
The compliance and regulatory landscape is evolving and complicated, and the burden on developers to maintain compliance is not often acknowledged in articles about maintaining SOC 2, ISO 27001, FedRAMP, NIS 2, EU 14028, etc. Docker’s products aim to put power into the developer’s hands to maintain compliance with these requirements and eliminate what can…
Read now
-
Docker Security Advisory: AuthZ Plugin Bypass Regression in Docker Engine
Certain versions of Docker Engine have a security vulnerability that could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions, and provides remediation steps for impacted users. Problem Docker’s default authorization model is all-or-nothing. Users…
Read now
-
Local LLM Messenger: Chat with GenAI on Your iPhone
In this AI/ML Hackathon post, we want to share another winning project from last year’s Docker AI/ML Hackathon. This time we will dive into Local LLM Messenger, an honorable mention winner created by Justin Garrison. Developers are pushing the boundaries to bring the power of artificial intelligence (AI) to everyone. One exciting approach involves integrating…
Read now