Update: 13 December 2021 As an update to CVE-2021-44228, the fix made in version 2.15.0 was incomplete in certain non-default configurations. An additional issue was identified and is tracked with CVE-2021-45046. For a more complete fix to this vulnerability, it’s...
security
Building a healthy and secure software supply chain
Securing the software supply chain is now an everyday concern for developers. As attackers increasingly target open-source components as a way to compromise the software supply chain, developers hold the keys to making their projects as secure as they can be. That’s...
Docker Security Roundup: News, Articles, Sessions
With the eyes of the security world converging on Black Hat USA next week, now is a good time to remember that building secure applications is paramount. In the latest chapter in Docker's security story, Docker CTO Justin Cormack last month provided an important...
Level Up Security with Scoped Access Tokens
November 2024 update: Read the Docker security documentation to learn about the latest security features. Then, visit the Docker subscriptions page to find a plan that's right for you. -- Scoped tokens are here ! Scopes give you more fine grained control over what...
Bringing “docker scan” to Linux
At the end of last year we launched vulnerability scanning options as part of the Docker platform. We worked together with our partner Snyk to include security testing options along multiple points of your inner loop. We incorporated scanning options into the...
Combining Snyk Scans in Docker Desktop and Docker Hub to Deploy Secure Containers
Last week, we announced that the Docker Desktop Stable release includes vulnerability scanning, the latest milestone in our container security solution that we are building with our partner Snyk. You can now run Snyk vulnerability scans directly from the Docker...
Docker and Snyk Extend Partnership to Docker Official and Certified Images
Today we are pleased to announce that Docker and Snyk have extended our existing partnership to bring vulnerability scanning to Docker Official and certified images. As the exclusive scanning partner for these two image categories, Snyk will work with Docker to...
Docker at SnykCon 2020
We are excited to be a gold sponsor of the inaugural SnykCon virtual conference, a free online event from Snyk taking place this week on October 21-22, 2020. The conference will look at best practices and technologies for integrating development and security teams,...
Improve the Security of Hub Container Images with Automatic Vulnerability Scans
In yesterday’s blog about improvements to the end-to-end Docker developer experience, I was thrilled to share how we are integrating security into image development, and to announce the launch of vulnerability scanning for images pushed to the Hub. This release is one...