SlideShare a Scribd company logo

Docker Container Security: Supply Chain, Runtime, Infrastructure & Compliance

Docker, Inc.
Docker, Inc.

This document discusses Docker container security. It covers five main security verticals: secure software supply chain, runtime security, infrastructure security, compliance, and provides a demo. The supply chain involves scanning and signing images. Runtime security focuses on identifying vulnerabilities and running only trusted images. Infrastructure security discusses access control and roles. Compliance addresses FIPS validation and audit logs. A demo then shows some of these security features in action.

Technology
1 of 25
Download to read offline
Docker Container Security
Group Product Manager, Docker Yuvraj Mehta Solutions Architect, Docker Steve Richards
Agenda ● Container Security Verticals ● Secure Software Supply Chain ● Runtime Security ● Infrastructure Security ● Compliance ● DEMO TIME!!
Secure Supply Chain Securing the Software Pipeline Docker Enterprise Security Verticals Runtime Security Securing the Application in Production Infrastructure Security Securing Infrastructure from the Application Compliance Meet Regulatory Standards
Secure Software Supply Chain
Secure Software Supply Chain Docker Trusted Registry IT OPERATIONS Control Plane Security scan & sign Traditional Third Party Microservices DEVELOPERS
docker trust init org/example Trusted Images: Scanning docker trust init org/example docker trust sign org/example:latest FEATURE • Deep visibility with binary level scanning • Integrated workflow for a secure supply chain • Enable proactive risk management BENEFITS • Detailed BOM of included components and vulnerability profile • Covers wide array of languages & OS including Windows
docker trust init org/example Trusted Images: Signing docker trust init org/example docker trust sign org/example:latest FEATURE • Run only trusted images in production • Establish a chain of custody for Docker images BENEFITS • Sign Docker images from developer to operations • Verifies the publisher of Docker images • Integrated with Docker CLI
WebHooks
Automated Promotions Production Environments DTR Docker UCP Production Environments Docker UCP Non-Production EnvironmentsDeveloper Machine Development CI/CD Operations Datacenter 1 Datacenter 2 DTR Docker for DTR
Runtime Security
docker trust init org/example Identify Vulnerabilities in Production docker trust init org/example docker trust sign org/example:latest Docker Enterprise Control Plane Docker Trusted Registry Scan Data FEATURE BENEFITS • Create policies to manage service deployments using image vulnerability data • Maintain compliant deployment of production services • View vulnerability data of images deployed through the control plane • Roll up views for services & pods
Run Trusted Images Developer signs an image and checks it into a registry Engine verifies that image is signed before pulling to local environment FEATURE BENEFITS • Verify that images are signed before pulling from registry • Enable or disable on a per-shell or per-invocation basis • Prevent the deployment of containers that use unsigned images • Enforce policies around image signing
Infrastructure Security
Secure Access: Single Sign-On with SAML v2.0 FEATURE BENEFITS • Allow for SSO to Docker Enterprise through existing identity provider (IdP) ○ Support for Okta and ADFS, with more IdPs added in the future • Continue to use LDAP synch for client bundle access • Achieve 2FA through identity provider • Credentials stored in IdP only; no local hosting of passwords
Secure Access: Native Kubernetes RBAC FEATURE BENEFITS • Add native Kubernetes roles defined in YAML file • Distinct view of Kubernetes roles from Swarm roles • Define grants similar to Swarm • Deploy Helm charts • Use native Kubernetes RBAC primitives Node Worker Node Worker Node Worker Node Worker swarm mode cluster docker enterprise universal control plane trusted registry Node Worker Node Worker .NET Dev Team Using Swarm Java Dev Team using K8s Java Dev Team Using Swarm Ops Team
Compliance
FIPS 140-2 Validated Docker Enterprise-Engine FEATURE BENEFITS • Linux support included in 18.03 Engine, 18.09 now adds FIPS compliance for Windows • Automatically enable FIPS mode for Docker engine based upon host OS FIPS status • Use env variable to override O/S FIPS state • Meet regulatory requirements by deploying Docker Engines in a FIPS compliant mode • Prevent non-FIPS nodes from joining a FIPS compliant cluster DOCKER ENGINE containerd Docker API Networking Docker Build (BuildKit) Orchestration VolumesDistribution Docker CLI Plugins FIPS 140-2 Validated Encryption Module
Detailed Audit Logs {“audit”; { "metadata": {...}, "level": "Metadata", "timestamp": "2018-08-07T22:10:35Z", "auditID": "7559d301-fa6b-4ad6-901c-b587fab75277", "stage": "RequestReceived", "requestURI": "/api/v1/namespaces/default/pods", "verb": "list", "user": {"username": "alice",...}, "sourceIPs": ["127.0.0.1"], ..., "requestReceivedTimestamp": "2018-08-07T22:10:35.428850Z"}} orchestrator audit events audit logs user request {“audit”; { "metadata": {...}, "level": "Metadata", "timestamp": "2018-08-07T22:10:35Z", "auditID": "7559d301-94e7-4ad6-901c-b587fab31512", "stage": "RequestReceived", "requestURI": "/v1.30/configs/create", "verb": "post", "user": {"username": "alice",...}, "sourceIPs": ["127.0.0.1"], ..., "requestReceivedTimestamp": "2018-08-07T22:10:35.428850Z"}} kubernetes pod listing swarm config create FEATURE • Configurable audit logs for both Swarm and Kubernetes • Logs API calls tracking request, time, user, and response • Persistent storage of audit log BENEFITS • Track and investigate all security-relevant user activity in the cluster
Demo Time
Next Steps
https://dockr.ly/Forrester Get the Forrester Report on Container Platforms  For more information visit:
https://dockr.ly/WindowsServerUpgrade  Migrate Legacy Windows Before End of Support  For more information visit:
Give Docker Enterprise a spin! trial.docker.com
Thank you!

Recommended

DCEU 18: Docker Enterprise Platform and Architecture
DCEU 18: Docker Enterprise Platform and ArchitectureDCEU 18: Docker Enterprise Platform and Architecture
DCEU 18: Docker Enterprise Platform and ArchitectureDocker, Inc.
 
DCEU 18: Provisioning and Managing Storage for Docker Containers
DCEU 18: Provisioning and Managing Storage for Docker ContainersDCEU 18: Provisioning and Managing Storage for Docker Containers
DCEU 18: Provisioning and Managing Storage for Docker ContainersDocker, Inc.
 
DCEU 18: State of the Docker Engine
DCEU 18: State of the Docker EngineDCEU 18: State of the Docker Engine
DCEU 18: State of the Docker EngineDocker, Inc.
 
DCEU 18: Docker for Windows Containers and Kubernetes
DCEU 18: Docker for Windows Containers and KubernetesDCEU 18: Docker for Windows Containers and Kubernetes
DCEU 18: Docker for Windows Containers and KubernetesDocker, Inc.
 
DCEU 18: Docker Containers in a Serverless World
DCEU 18: Docker Containers in a Serverless WorldDCEU 18: Docker Containers in a Serverless World
DCEU 18: Docker Containers in a Serverless WorldDocker, Inc.
 
DCEU 18: Developing with Docker Containers
DCEU 18: Developing with Docker ContainersDCEU 18: Developing with Docker Containers
DCEU 18: Developing with Docker ContainersDocker, Inc.
 
Modernizing Java Apps with Docker
Modernizing Java Apps with DockerModernizing Java Apps with Docker
Modernizing Java Apps with DockerDocker, Inc.
 
Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...
Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...
Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...Docker, Inc.
 

Recommended

DCEU 18: Docker Enterprise Platform and Architecture
DCEU 18: Docker Enterprise Platform and ArchitectureDCEU 18: Docker Enterprise Platform and Architecture
DCEU 18: Docker Enterprise Platform and ArchitectureDocker, Inc.
 
DCEU 18: Provisioning and Managing Storage for Docker Containers
DCEU 18: Provisioning and Managing Storage for Docker ContainersDCEU 18: Provisioning and Managing Storage for Docker Containers
DCEU 18: Provisioning and Managing Storage for Docker ContainersDocker, Inc.
 
DCEU 18: State of the Docker Engine
DCEU 18: State of the Docker EngineDCEU 18: State of the Docker Engine
DCEU 18: State of the Docker EngineDocker, Inc.
 
DCEU 18: Docker for Windows Containers and Kubernetes
DCEU 18: Docker for Windows Containers and KubernetesDCEU 18: Docker for Windows Containers and Kubernetes
DCEU 18: Docker for Windows Containers and KubernetesDocker, Inc.
 
DCEU 18: Docker Containers in a Serverless World
DCEU 18: Docker Containers in a Serverless WorldDCEU 18: Docker Containers in a Serverless World
DCEU 18: Docker Containers in a Serverless WorldDocker, Inc.
 
DCEU 18: Developing with Docker Containers
DCEU 18: Developing with Docker ContainersDCEU 18: Developing with Docker Containers
DCEU 18: Developing with Docker ContainersDocker, Inc.
 
Modernizing Java Apps with Docker
Modernizing Java Apps with DockerModernizing Java Apps with Docker
Modernizing Java Apps with DockerDocker, Inc.
 
Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...
Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...
Docker Store: The New Destination for Enterprise Software - Lily Guo and Alfr...Docker, Inc.
 
DCEU 18: App-in-a-Box with Docker Application Packages
DCEU 18: App-in-a-Box with Docker Application PackagesDCEU 18: App-in-a-Box with Docker Application Packages
DCEU 18: App-in-a-Box with Docker Application PackagesDocker, Inc.
 
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...Docker, Inc.
 
Docker Roadshow 2016
Docker Roadshow 2016Docker Roadshow 2016
Docker Roadshow 2016Docker, Inc.
 
DCEU 18: How To Build Your Containerization Strategy
DCEU 18: How To Build Your Containerization StrategyDCEU 18: How To Build Your Containerization Strategy
DCEU 18: How To Build Your Containerization StrategyDocker, Inc.
 
Building Your Docker Swarm Tech Stack
Building Your Docker Swarm Tech StackBuilding Your Docker Swarm Tech Stack
Building Your Docker Swarm Tech StackBret Fisher
 
DockerCon SF 2015: DHE/DTR
DockerCon SF 2015: DHE/DTRDockerCon SF 2015: DHE/DTR
DockerCon SF 2015: DHE/DTRDocker, Inc.
 
DCSF19 How To Build Your Containerization Strategy
DCSF19 How To Build Your Containerization Strategy DCSF19 How To Build Your Containerization Strategy
DCSF19 How To Build Your Containerization Strategy Docker, Inc.
 
DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller Docker, Inc.
 
Develop and deploy Kubernetes applications with Docker - IBM Index 2018
Develop and deploy Kubernetes applications with Docker - IBM Index 2018Develop and deploy Kubernetes applications with Docker - IBM Index 2018
Develop and deploy Kubernetes applications with Docker - IBM Index 2018Patrick Chanezon
 
DCSF19 Docker Containers & Java: What I Wish I Had Been Told
DCSF19 Docker Containers & Java: What I Wish I Had Been ToldDCSF19 Docker Containers & Java: What I Wish I Had Been Told
DCSF19 Docker Containers & Java: What I Wish I Had Been ToldDocker, Inc.
 
On-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad Afanah
On-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad AfanahOn-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad Afanah
On-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad AfanahDocker, Inc.
 
DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...
DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...
DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...Docker, Inc.
 
DCEU 18: 5 Patterns for Success in Application Transformation
DCEU 18: 5 Patterns for Success in Application TransformationDCEU 18: 5 Patterns for Success in Application Transformation
DCEU 18: 5 Patterns for Success in Application TransformationDocker, Inc.
 
Introduction to Docker - 2017
Introduction to Docker - 2017Introduction to Docker - 2017
Introduction to Docker - 2017Docker, Inc.
 
Docker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to DockerDocker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to DockerDocker, Inc.
 
Docker ee an architecture and operations overview
Docker ee an architecture and operations overviewDocker ee an architecture and operations overview
Docker ee an architecture and operations overviewDocker, Inc.
 
Kubernetes 101 VMworld 2019 workshop slides
Kubernetes 101 VMworld 2019 workshop slidesKubernetes 101 VMworld 2019 workshop slides
Kubernetes 101 VMworld 2019 workshop slidesSimone Morellato
 
Docker Online Meetup: Announcing Docker CE + EE
Docker Online Meetup: Announcing Docker CE + EEDocker Online Meetup: Announcing Docker CE + EE
Docker Online Meetup: Announcing Docker CE + EEDocker, Inc.
 
Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...
Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...
Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...Docker, Inc.
 
DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDocker, Inc.
 
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...Docker, Inc.
 
DockerCon EU 2015 Barcelona
DockerCon EU 2015 BarcelonaDockerCon EU 2015 Barcelona
DockerCon EU 2015 BarcelonaRoman Dembitsky
 

More Related Content

What's hot

DCEU 18: App-in-a-Box with Docker Application Packages
DCEU 18: App-in-a-Box with Docker Application PackagesDCEU 18: App-in-a-Box with Docker Application Packages
DCEU 18: App-in-a-Box with Docker Application PackagesDocker, Inc.
 
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...Docker, Inc.
 
Docker Roadshow 2016
Docker Roadshow 2016Docker Roadshow 2016
Docker Roadshow 2016Docker, Inc.
 
DCEU 18: How To Build Your Containerization Strategy
DCEU 18: How To Build Your Containerization StrategyDCEU 18: How To Build Your Containerization Strategy
DCEU 18: How To Build Your Containerization StrategyDocker, Inc.
 
Building Your Docker Swarm Tech Stack
Building Your Docker Swarm Tech StackBuilding Your Docker Swarm Tech Stack
Building Your Docker Swarm Tech StackBret Fisher
 
DockerCon SF 2015: DHE/DTR
DockerCon SF 2015: DHE/DTRDockerCon SF 2015: DHE/DTR
DockerCon SF 2015: DHE/DTRDocker, Inc.
 
DCSF19 How To Build Your Containerization Strategy
DCSF19 How To Build Your Containerization Strategy DCSF19 How To Build Your Containerization Strategy
DCSF19 How To Build Your Containerization Strategy Docker, Inc.
 
DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller Docker, Inc.
 
Develop and deploy Kubernetes applications with Docker - IBM Index 2018
Develop and deploy Kubernetes applications with Docker - IBM Index 2018Develop and deploy Kubernetes applications with Docker - IBM Index 2018
Develop and deploy Kubernetes applications with Docker - IBM Index 2018Patrick Chanezon
 
DCSF19 Docker Containers & Java: What I Wish I Had Been Told
DCSF19 Docker Containers & Java: What I Wish I Had Been ToldDCSF19 Docker Containers & Java: What I Wish I Had Been Told
DCSF19 Docker Containers & Java: What I Wish I Had Been ToldDocker, Inc.
 
On-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad Afanah
On-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad AfanahOn-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad Afanah
On-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad AfanahDocker, Inc.
 
DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...
DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...
DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...Docker, Inc.
 
DCEU 18: 5 Patterns for Success in Application Transformation
DCEU 18: 5 Patterns for Success in Application TransformationDCEU 18: 5 Patterns for Success in Application Transformation
DCEU 18: 5 Patterns for Success in Application TransformationDocker, Inc.
 
Introduction to Docker - 2017
Introduction to Docker - 2017Introduction to Docker - 2017
Introduction to Docker - 2017Docker, Inc.
 
Docker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to DockerDocker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to DockerDocker, Inc.
 
Docker ee an architecture and operations overview
Docker ee an architecture and operations overviewDocker ee an architecture and operations overview
Docker ee an architecture and operations overviewDocker, Inc.
 
Kubernetes 101 VMworld 2019 workshop slides
Kubernetes 101 VMworld 2019 workshop slidesKubernetes 101 VMworld 2019 workshop slides
Kubernetes 101 VMworld 2019 workshop slidesSimone Morellato
 
Docker Online Meetup: Announcing Docker CE + EE
Docker Online Meetup: Announcing Docker CE + EEDocker Online Meetup: Announcing Docker CE + EE
Docker Online Meetup: Announcing Docker CE + EEDocker, Inc.
 
Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...
Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...
Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...Docker, Inc.
 
DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDocker, Inc.
 

What's hot (20)

DCEU 18: App-in-a-Box with Docker Application Packages
DCEU 18: App-in-a-Box with Docker Application PackagesDCEU 18: App-in-a-Box with Docker Application Packages
DCEU 18: App-in-a-Box with Docker Application Packages
 
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...
DCEU 18: From Legacy Mainframe to the Cloud: The Finnish Railways Evolution w...
 
Docker Roadshow 2016
Docker Roadshow 2016Docker Roadshow 2016
Docker Roadshow 2016
 
DCEU 18: How To Build Your Containerization Strategy
DCEU 18: How To Build Your Containerization StrategyDCEU 18: How To Build Your Containerization Strategy
DCEU 18: How To Build Your Containerization Strategy
 
Building Your Docker Swarm Tech Stack
Building Your Docker Swarm Tech StackBuilding Your Docker Swarm Tech Stack
Building Your Docker Swarm Tech Stack
 
DockerCon SF 2015: DHE/DTR
DockerCon SF 2015: DHE/DTRDockerCon SF 2015: DHE/DTR
DockerCon SF 2015: DHE/DTR
 
DCSF19 How To Build Your Containerization Strategy
DCSF19 How To Build Your Containerization Strategy DCSF19 How To Build Your Containerization Strategy
DCSF19 How To Build Your Containerization Strategy
 
DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller DCSF19 Deploying Istio as an Ingress Controller
DCSF19 Deploying Istio as an Ingress Controller
 
Develop and deploy Kubernetes applications with Docker - IBM Index 2018
Develop and deploy Kubernetes applications with Docker - IBM Index 2018Develop and deploy Kubernetes applications with Docker - IBM Index 2018
Develop and deploy Kubernetes applications with Docker - IBM Index 2018
 
DCSF19 Docker Containers & Java: What I Wish I Had Been Told
DCSF19 Docker Containers & Java: What I Wish I Had Been ToldDCSF19 Docker Containers & Java: What I Wish I Had Been Told
DCSF19 Docker Containers & Java: What I Wish I Had Been Told
 
On-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad Afanah
On-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad AfanahOn-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad Afanah
On-the-Fly Containerization of Enterprise Java & .NET Apps by Amjad Afanah
 
DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...
DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...
DCEU 18: Desigual Transforms the In-Store Experience with Docker Enterprise C...
 
DCEU 18: 5 Patterns for Success in Application Transformation
DCEU 18: 5 Patterns for Success in Application TransformationDCEU 18: 5 Patterns for Success in Application Transformation
DCEU 18: 5 Patterns for Success in Application Transformation
 
Introduction to Docker - 2017
Introduction to Docker - 2017Introduction to Docker - 2017
Introduction to Docker - 2017
 
Docker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to DockerDocker Bday #5, SF Edition: Introduction to Docker
Docker Bday #5, SF Edition: Introduction to Docker
 
Docker ee an architecture and operations overview
Docker ee an architecture and operations overviewDocker ee an architecture and operations overview
Docker ee an architecture and operations overview
 
Kubernetes 101 VMworld 2019 workshop slides
Kubernetes 101 VMworld 2019 workshop slidesKubernetes 101 VMworld 2019 workshop slides
Kubernetes 101 VMworld 2019 workshop slides
 
Docker Online Meetup: Announcing Docker CE + EE
Docker Online Meetup: Announcing Docker CE + EEDocker Online Meetup: Announcing Docker CE + EE
Docker Online Meetup: Announcing Docker CE + EE
 
Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...
Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...
Taking Docker from Local to Production at Intuit JanJaap Lahpor, Intuit and H...
 
DCEU 18: Docker Container Networking
DCEU 18: Docker Container NetworkingDCEU 18: Docker Container Networking
DCEU 18: Docker Container Networking
 

Similar to Docker Container Security: Supply Chain, Runtime, Infrastructure & Compliance

Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...Docker, Inc.
 
DockerCon EU 2015 Barcelona
DockerCon EU 2015 BarcelonaDockerCon EU 2015 Barcelona
DockerCon EU 2015 BarcelonaRoman Dembitsky
 
DCSF 19 Docker Enterprise Platform and Architecture
DCSF 19 Docker Enterprise Platform and ArchitectureDCSF 19 Docker Enterprise Platform and Architecture
DCSF 19 Docker Enterprise Platform and ArchitectureDocker, Inc.
 
Docker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes
Docker Dublin Meetup | 22 Feb 2018 | Docker + KubernetesDocker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes
Docker Dublin Meetup | 22 Feb 2018 | Docker + KubernetesThomas Barlow
 
Container on azure
Container on azureContainer on azure
Container on azureVishwas N
 
Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...
Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...
Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...Docker, Inc.
 
DockerCon EU 2015: What's New with Docker Trusted Registry
DockerCon EU 2015: What's New with Docker Trusted RegistryDockerCon EU 2015: What's New with Docker Trusted Registry
DockerCon EU 2015: What's New with Docker Trusted RegistryDocker, Inc.
 
Building a Secure App with Docker - Ying Li and David Lawrence, Docker
Building a Secure App with Docker - Ying Li and David Lawrence, DockerBuilding a Secure App with Docker - Ying Li and David Lawrence, Docker
Building a Secure App with Docker - Ying Li and David Lawrence, DockerDocker, Inc.
 
Docker and Microsoft - Windows Server 2016 Technical Deep Dive
Docker and Microsoft - Windows Server 2016 Technical Deep DiveDocker and Microsoft - Windows Server 2016 Technical Deep Dive
Docker and Microsoft - Windows Server 2016 Technical Deep DiveDocker, Inc.
 
VSphere Integrated Containers v3.0
VSphere Integrated Containers v3.0VSphere Integrated Containers v3.0
VSphere Integrated Containers v3.0The World Bank
 
Docker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker SlidesDocker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker SlidesDocker, Inc.
 
Docker Birthday #3 Slides - Overview
Docker Birthday #3 Slides - OverviewDocker Birthday #3 Slides - Overview
Docker Birthday #3 Slides - OverviewChris Ciborowski
 
Docker EE 2.0 Choice, Security & Agility
Docker EE 2.0 Choice, Security & AgilityDocker EE 2.0 Choice, Security & Agility
Docker EE 2.0 Choice, Security & AgilityAshnikbiz
 
IBM WebSphere Application Server traditional and Docker
IBM WebSphere Application Server traditional and DockerIBM WebSphere Application Server traditional and Docker
IBM WebSphere Application Server traditional and DockerDavid Currie
 
IBM Bluemix Paris Meetup #14 - Le Village by CA - 20160413 - Introduction à D...
IBM Bluemix Paris Meetup #14 - Le Village by CA - 20160413 - Introduction à D...IBM Bluemix Paris Meetup #14 - Le Village by CA - 20160413 - Introduction à D...
IBM Bluemix Paris Meetup #14 - Le Village by CA - 20160413 - Introduction à D...IBM France Lab
 
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...Docker, Inc.
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to dockerInstruqt
 
What's New in Docker
What's New in DockerWhat's New in Docker
What's New in DockerDocker, Inc.
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker IntroductionPeng Xiao
 

Similar to Docker Container Security: Supply Chain, Runtime, Infrastructure & Compliance (20)

Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
Evénement Docker Paris: Anticipez les nouveaux business model et réduisez vos...
 
DockerCon EU 2015 Barcelona
DockerCon EU 2015 BarcelonaDockerCon EU 2015 Barcelona
DockerCon EU 2015 Barcelona
 
DCSF 19 Docker Enterprise Platform and Architecture
DCSF 19 Docker Enterprise Platform and ArchitectureDCSF 19 Docker Enterprise Platform and Architecture
DCSF 19 Docker Enterprise Platform and Architecture
 
Docker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes
Docker Dublin Meetup | 22 Feb 2018 | Docker + KubernetesDocker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes
Docker Dublin Meetup | 22 Feb 2018 | Docker + Kubernetes
 
Container on azure
Container on azureContainer on azure
Container on azure
 
Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...
Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...
Automation and Collaboration Across Multiple Swarms Using Docker Cloud - Marc...
 
DockerCon EU 2015: What's New with Docker Trusted Registry
DockerCon EU 2015: What's New with Docker Trusted RegistryDockerCon EU 2015: What's New with Docker Trusted Registry
DockerCon EU 2015: What's New with Docker Trusted Registry
 
Building a Secure App with Docker - Ying Li and David Lawrence, Docker
Building a Secure App with Docker - Ying Li and David Lawrence, DockerBuilding a Secure App with Docker - Ying Li and David Lawrence, Docker
Building a Secure App with Docker - Ying Li and David Lawrence, Docker
 
Docker and Microsoft - Windows Server 2016 Technical Deep Dive
Docker and Microsoft - Windows Server 2016 Technical Deep DiveDocker and Microsoft - Windows Server 2016 Technical Deep Dive
Docker and Microsoft - Windows Server 2016 Technical Deep Dive
 
VSphere Integrated Containers v3.0
VSphere Integrated Containers v3.0VSphere Integrated Containers v3.0
VSphere Integrated Containers v3.0
 
Docker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker SlidesDocker Birthday #3 - Intro to Docker Slides
Docker Birthday #3 - Intro to Docker Slides
 
Docker Birthday #3 Slides - Overview
Docker Birthday #3 Slides - OverviewDocker Birthday #3 Slides - Overview
Docker Birthday #3 Slides - Overview
 
Docker EE 2.0 Choice, Security & Agility
Docker EE 2.0 Choice, Security & AgilityDocker EE 2.0 Choice, Security & Agility
Docker EE 2.0 Choice, Security & Agility
 
IBM WebSphere Application Server traditional and Docker
IBM WebSphere Application Server traditional and DockerIBM WebSphere Application Server traditional and Docker
IBM WebSphere Application Server traditional and Docker
 
SS Introduction to Docker
SS Introduction to DockerSS Introduction to Docker
SS Introduction to Docker
 
IBM Bluemix Paris Meetup #14 - Le Village by CA - 20160413 - Introduction à D...
IBM Bluemix Paris Meetup #14 - Le Village by CA - 20160413 - Introduction à D...IBM Bluemix Paris Meetup #14 - Le Village by CA - 20160413 - Introduction à D...
IBM Bluemix Paris Meetup #14 - Le Village by CA - 20160413 - Introduction à D...
 
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...
Back to the Future: Containerize Legacy Applications - Rob Tanner, Northern T...
 
Introduction to docker
Introduction to dockerIntroduction to docker
Introduction to docker
 
What's New in Docker
What's New in DockerWhat's New in Docker
What's New in Docker
 
Docker Introduction
Docker IntroductionDocker Introduction
Docker Introduction
 

More from Docker, Inc.

Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Docker, Inc.
 
How to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildHow to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildDocker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSDocker, Inc.
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXDocker, Inc.
 
How To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeHow To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeDocker, Inc.
 
Distributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDistributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDocker, Inc.
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubThe First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubDocker, Inc.
 
Monitoring in a Microservices World
Monitoring in a Microservices WorldMonitoring in a Microservices World
Monitoring in a Microservices WorldDocker, Inc.
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...Docker, Inc.
 
Predicting Space Weather with Docker
Predicting Space Weather with DockerPredicting Space Weather with Docker
Predicting Space Weather with DockerDocker, Inc.
 
Become a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeBecome a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeDocker, Inc.
 
How to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryHow to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryDocker, Inc.
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Docker, Inc.
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog ScaleDocker, Inc.
 
Labels, Labels, Labels
Labels, Labels, Labels Labels, Labels, Labels
Labels, Labels, Labels Docker, Inc.
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelUsing Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelDocker, Inc.
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSDocker, Inc.
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...Docker, Inc.
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDocker, Inc.
 

More from Docker, Inc. (20)

Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience Containerize Your Game Server for the Best Multiplayer Experience
Containerize Your Game Server for the Best Multiplayer Experience
 
How to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker BuildHow to Improve Your Image Builds Using Advance Docker Build
How to Improve Your Image Builds Using Advance Docker Build
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
Securing Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINXSecuring Your Containerized Applications with NGINX
Securing Your Containerized Applications with NGINX
 
How To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and ComposeHow To Build and Run Node Apps with Docker and Compose
How To Build and Run Node Apps with Docker and Compose
 
Hands-on Helm
Hands-on Helm Hands-on Helm
Hands-on Helm
 
Distributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at SalesforceDistributed Deep Learning with Docker at Salesforce
Distributed Deep Learning with Docker at Salesforce
 
The First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker HubThe First 10M Pulls: Building The Official Curl Image for Docker Hub
The First 10M Pulls: Building The Official Curl Image for Docker Hub
 
Monitoring in a Microservices World
Monitoring in a Microservices WorldMonitoring in a Microservices World
Monitoring in a Microservices World
 
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
COVID-19 in Italy: How Docker is Helping the Biggest Italian IT Company Conti...
 
Predicting Space Weather with Docker
Predicting Space Weather with DockerPredicting Space Weather with Docker
Predicting Space Weather with Docker
 
Become a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio CodeBecome a Docker Power User With Microsoft Visual Studio Code
Become a Docker Power User With Microsoft Visual Studio Code
 
How to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container RegistryHow to Use Mirroring and Caching to Optimize your Container Registry
How to Use Mirroring and Caching to Optimize your Container Registry
 
Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!Monolithic to Microservices + Docker = SDLC on Steroids!
Monolithic to Microservices + Docker = SDLC on Steroids!
 
Kubernetes at Datadog Scale
Kubernetes at Datadog ScaleKubernetes at Datadog Scale
Kubernetes at Datadog Scale
 
Labels, Labels, Labels
Labels, Labels, Labels Labels, Labels, Labels
Labels, Labels, Labels
 
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment ModelUsing Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
Using Docker Hub at Scale to Support Micro Focus' Delivery and Deployment Model
 
Build & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWSBuild & Deploy Multi-Container Applications to AWS
Build & Deploy Multi-Container Applications to AWS
 
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
From Fortran on the Desktop to Kubernetes in the Cloud: A Windows Migration S...
 
Developing with Docker for the Arm Architecture
Developing with Docker for the Arm ArchitectureDeveloping with Docker for the Arm Architecture
Developing with Docker for the Arm Architecture
 

Recently uploaded

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 

Recently uploaded (20)

SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 

Docker Container Security: Supply Chain, Runtime, Infrastructure & Compliance

  • 2. Group Product Manager, Docker Yuvraj Mehta Solutions Architect, Docker Steve Richards
  • 3. Agenda ● Container Security Verticals ● Secure Software Supply Chain ● Runtime Security ● Infrastructure Security ● Compliance ● DEMO TIME!!
  • 4. Secure Supply Chain Securing the Software Pipeline Docker Enterprise Security Verticals Runtime Security Securing the Application in Production Infrastructure Security Securing Infrastructure from the Application Compliance Meet Regulatory Standards
  • 6. Secure Software Supply Chain Docker Trusted Registry IT OPERATIONS Control Plane Security scan & sign Traditional Third Party Microservices DEVELOPERS
  • 7. docker trust init org/example Trusted Images: Scanning docker trust init org/example docker trust sign org/example:latest FEATURE • Deep visibility with binary level scanning • Integrated workflow for a secure supply chain • Enable proactive risk management BENEFITS • Detailed BOM of included components and vulnerability profile • Covers wide array of languages & OS including Windows
  • 8. docker trust init org/example Trusted Images: Signing docker trust init org/example docker trust sign org/example:latest FEATURE • Run only trusted images in production • Establish a chain of custody for Docker images BENEFITS • Sign Docker images from developer to operations • Verifies the publisher of Docker images • Integrated with Docker CLI
  • 10. Automated Promotions Production Environments DTR Docker UCP Production Environments Docker UCP Non-Production EnvironmentsDeveloper Machine Development CI/CD Operations Datacenter 1 Datacenter 2 DTR Docker for DTR
  • 12. docker trust init org/example Identify Vulnerabilities in Production docker trust init org/example docker trust sign org/example:latest Docker Enterprise Control Plane Docker Trusted Registry Scan Data FEATURE BENEFITS • Create policies to manage service deployments using image vulnerability data • Maintain compliant deployment of production services • View vulnerability data of images deployed through the control plane • Roll up views for services & pods
  • 13. Run Trusted Images Developer signs an image and checks it into a registry Engine verifies that image is signed before pulling to local environment FEATURE BENEFITS • Verify that images are signed before pulling from registry • Enable or disable on a per-shell or per-invocation basis • Prevent the deployment of containers that use unsigned images • Enforce policies around image signing
  • 15. Secure Access: Single Sign-On with SAML v2.0 FEATURE BENEFITS • Allow for SSO to Docker Enterprise through existing identity provider (IdP) ○ Support for Okta and ADFS, with more IdPs added in the future • Continue to use LDAP synch for client bundle access • Achieve 2FA through identity provider • Credentials stored in IdP only; no local hosting of passwords
  • 16. Secure Access: Native Kubernetes RBAC FEATURE BENEFITS • Add native Kubernetes roles defined in YAML file • Distinct view of Kubernetes roles from Swarm roles • Define grants similar to Swarm • Deploy Helm charts • Use native Kubernetes RBAC primitives Node Worker Node Worker Node Worker Node Worker swarm mode cluster docker enterprise universal control plane trusted registry Node Worker Node Worker .NET Dev Team Using Swarm Java Dev Team using K8s Java Dev Team Using Swarm Ops Team
  • 18. FIPS 140-2 Validated Docker Enterprise-Engine FEATURE BENEFITS • Linux support included in 18.03 Engine, 18.09 now adds FIPS compliance for Windows • Automatically enable FIPS mode for Docker engine based upon host OS FIPS status • Use env variable to override O/S FIPS state • Meet regulatory requirements by deploying Docker Engines in a FIPS compliant mode • Prevent non-FIPS nodes from joining a FIPS compliant cluster DOCKER ENGINE containerd Docker API Networking Docker Build (BuildKit) Orchestration VolumesDistribution Docker CLI Plugins FIPS 140-2 Validated Encryption Module
  • 19. Detailed Audit Logs {“audit”; { "metadata": {...}, "level": "Metadata", "timestamp": "2018-08-07T22:10:35Z", "auditID": "7559d301-fa6b-4ad6-901c-b587fab75277", "stage": "RequestReceived", "requestURI": "/api/v1/namespaces/default/pods", "verb": "list", "user": {"username": "alice",...}, "sourceIPs": ["127.0.0.1"], ..., "requestReceivedTimestamp": "2018-08-07T22:10:35.428850Z"}} orchestrator audit events audit logs user request {“audit”; { "metadata": {...}, "level": "Metadata", "timestamp": "2018-08-07T22:10:35Z", "auditID": "7559d301-94e7-4ad6-901c-b587fab31512", "stage": "RequestReceived", "requestURI": "/v1.30/configs/create", "verb": "post", "user": {"username": "alice",...}, "sourceIPs": ["127.0.0.1"], ..., "requestReceivedTimestamp": "2018-08-07T22:10:35.428850Z"}} kubernetes pod listing swarm config create FEATURE • Configurable audit logs for both Swarm and Kubernetes • Logs API calls tracking request, time, user, and response • Persistent storage of audit log BENEFITS • Track and investigate all security-relevant user activity in the cluster
  • 22. https://dockr.ly/Forrester Get the Forrester Report on Container Platforms  For more information visit:
  • 23. https://dockr.ly/WindowsServerUpgrade  Migrate Legacy Windows Before End of Support  For more information visit:
  • 24. Give Docker Enterprise a spin! trial.docker.com