Docker is now officially a CNA under MITRE, which means you should get better notifications and documentation when we publish a vulnerability.
security
Security Advisory: High Severity OpenSSL Vulnerabilities
UPDATE: The OpenSSL Project has officially disclosed two high-severity vulnerabilities: CVE-2022-3602 and CVE-2022-3786. These CVEs impact all OpenSSL versions after 3.0. The sole exception is version 3.0.7, which contains fixes for those latest vulnerabilities. Previously, these CVEs were thought to be “critical.” Learn more here.
Security Advisory: CVE-2022-42889 “Text4Shell”
Learn more about CVE-2022-42889, aka the “Text4Shell” vulnerability, in the “Apache Commons Text” Java library, and how Docker Security Scans identify it.
What is the Best Container Security Workflow for Your Organization?
Find the best container security workflow for your company with these key takeaways from DockerCon. We’ll cover mindset, structure, toolsets, and more.
Apache Log4j 2 CVE-2021-44228
Update: 13 December 2021. As an update to CVE-2021-44228, the fix made in version 2.15.0 was incomplete in certain non-default configurations. An additional issue was identified and is tracked with CVE-2021-45046. For a more complete fix to this vulnerability, it’s...
Building a healthy and secure software supply chain
Securing the software supply chain is now an everyday concern for developers. As attackers increasingly target open-source components as a way to compromise the software supply chain, developers hold the keys to making their projects as secure as they can be. That’s...
Docker Security Roundup: News, Articles, Sessions
With the eyes of the security world converging on Black Hat USA next week, now is a good time to remember that building secure applications is paramount. In the latest chapter in Docker's security story, Docker CTO Justin Cormack last month provided an important...
Level Up Security with Scoped Access Tokens
November 2024 update: Read the Docker security documentation to learn about the latest security features. Then, visit the Docker subscriptions page to find a plan that's right for you. -- Scoped tokens are here! Scopes give you more fine-grained control over what...
Bringing “docker scan” to Linux
At the end of last year we launched vulnerability scanning options as part of the Docker platform. We worked together with our partner Snyk to include security testing options along multiple points of your inner loop. We incorporated scanning options into the...