Learn how to use OpenPubkey to bind public keys to workload identities using GitHub Actions and Docker. And find out how Docker is using OpenPubkey with GitHub Actions to sign Docker Official Images and improve supply chain security.
secure software supply chain
Achieve Security and Compliance Goals with Policy Guardrails in Docker Scout
We show how Docker Scout policies enable teams to identify, prioritize, and fix their software quality issues at the point of creation.
Announcing Docker Scout GA: Actionable Insights for the Software Supply Chain
We are excited to announce that Docker Scout General Availability (GA) now allows developers to continuously evaluate container images against a set of out-of-the-box policies, aligned with software supply chain best practices. These new capabilities also include a full suite of integrations enabling you to attain visibility from development into production. These updates strengthen Docker Scout’s position as integral to the software supply chain.
5 Developer Workstation Security Best Practices
Learn how Hardened Docker Desktop can help you follow the five most critical developer workstation security best practices.
Securing the Software Supply Chain: Atomist Joins Docker
I’m excited to share some big news: Atomist is joining Docker. I know our team will thrive in its new home, and look forward to taking the great stuff we’ve built to a much larger audience. I’ve devoted most of my career to trying to improve developer productivity and...
Announcing Docker SBOM: A step towards more visibility into Docker images
Today, Docker takes its first step in making what is inside your container images more visible so that you can better secure your software supply chain. Included in Docker Desktop 4.7.0 is a new, experimental docker sbom CLI command that displays the SBOM (Software...
Notary v2 Project Update
Supply chain security is something that has been increasingly important to all of us in the last few years. Almost as important as the global supply chains that are having problems distributing goods around the world! There have been many attacks via the supply chain....
Building a healthy and secure software supply chain
Securing the software supply chain is now an everyday concern for developers. As attackers increasingly target open-source components as a way to compromise the software supply chain, developers hold the keys to making their projects as secure as they can be. That’s...
Secure Software Supply Chain Best Practices
Last month, the Cloud Native Computing Foundation (CNCF) Security Technical Advisory Group published a detailed document about Software Supply Chain Best Practices. You can get the full document from their GitHub repo. This was the result of months of work from a...