Certain versions of Docker Engine have a security vulnerability that could allow an attacker to bypass authorization plugins (AuthZ) under specific circumstances. The base likelihood of this being exploited is low. This advisory outlines the issue, identifies the affected versions, and provides remediation steps for impacted users.
Discover best practices and common pitfalls associated with the Docker USER instruction. Also get a hands-on demo to learn the importance of these practices.
Discover two key metrics to measure your DevSecOps progression effectively. Learn how tracking security vulnerabilities over time and ensuring compliance with security policies can enhance your organization’s security posture, driving continuous improvement in your DevSecOps practices.
The Docker 2024 State of Application Development Report offers insight into developers’ processes and tools, industry trends, Docker usage, and more.
Docker demonstrates commitment to security by achieving SOC 2 Type 2 attestation and ISO 27001 certification.
Docker Desktop 4.30 offers new proxy authentication enhancements, especially on the Windows front, to ensure seamless integration and interaction.
Docker and JFrog partner to further secure Docker Hub by removing millions of imageless repos with malicious links.
We outline how and why Debian operates as a secure basis for development and makes a good choice for Docker Official Images.
Docker Official Images are an important component of Docker’s commitment to the security of both the software supply chain and open source software. We address three common misconceptions about Docker Official Images and outline seven ways they help secure the software supply chain.