Securing your Containers
Steps to becoming Seaworthy
Riyaz Faizullabhoy - @riyazdf
Docker Security Team
Securing the pipeline
Build Ship Run
• Official Images
• Docker Bench for Security
• Docker Content Trust
• Nautilus
• User Namespaces
• Cgroups
• Capabilities
• Seccomp
• Apparmor
Official Images
• Vetted for best practices
• Scanned for CVEs
• Lobby upstream to fix security problems
• Promptly updated
Docker Bench for Security
• Check for secure daemon + system configuration
• Audit containers in context
• Check for best practices
Docker Content Trust
• Sign images at point of authorship (using Notary)
• Removes implicit trust of storage service and network
• Guarantee integrity of your images when pulled
Nautilus
• Scan images for CVEs
• Detects vulns in libraries statically compiled into binaries
User Namespaces
• Map users and groups to their own UID/GID range
• TL;DR - Root in a container is not root outside a container
[Diagram: Docker Host running Container 1, Container 2, Container 3]
Control Groups
• a.k.a. cgroups
• Control resource usage of a container
• Good for container multitenancy
Capabilities
• No longer root vs. non-root
• Finer grained control on what the process can do
Seccomp
• SECure COMPuting mode.
• Filter permitted system calls
AppArmor
• Per process security profiles
• Define once, apply many times
• Finest grained control
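As an added example (not from the deck), the Run-side controls above can be checked the way Docker Bench's "audit containers in context" step does: the script reads a constructed `docker inspect`-style record plus a constructed daemon.json and flags privileged containers, user-namespace opt-outs, retained capabilities, unconfined seccomp/AppArmor and missing cgroup limits. The field names follow the `HostConfig` keys that `docker inspect` emits; the sample data and the finding strings are my own.

```python
"""Audit run-time hardening (user namespaces, cgroups, capabilities, seccomp,
AppArmor) against docker-inspect-style container records."""
import json

# Constructed sample in the shape of `docker inspect` output (one element per
# container), trimmed to the fields this audit reads. Not real output.
SAMPLE_INSPECT = json.dumps([
    {
        "Name": "/web",
        "Config": {"User": "1000:1000"},
        "HostConfig": {
            "Privileged": False,
            "UsernsMode": "",           # "" = inherit the daemon's userns-remap
            "CapAdd": None,
            "CapDrop": ["ALL"],
            "SecurityOpt": ["seccomp=/etc/docker/seccomp/web.json",
                            "apparmor=docker-web"],
            "Memory": 268435456,        # 256 MiB cgroup memory limit
            "PidsLimit": 200,
        },
    },
    {
        "Name": "/legacy",
        "Config": {"User": ""},
        "HostConfig": {
            "Privileged": True,
            "UsernsMode": "host",       # container opted out of remapping
            "CapAdd": ["SYS_ADMIN"],
            "CapDrop": None,
            "SecurityOpt": ["seccomp=unconfined", "apparmor=unconfined"],
            "Memory": 0,
            "PidsLimit": None,
        },
    },
])

# Constructed sample daemon.json with user namespace remapping switched on.
SAMPLE_DAEMON_JSON = json.dumps({"userns-remap": "default", "icc": False})


def security_opts(host_config):
    """Map 'seccomp=...' / 'apparmor=...' SecurityOpt entries to {kind: value}."""
    opts = {}
    for entry in host_config.get("SecurityOpt") or []:
        kind, _, value = entry.partition("=")
        opts[kind] = value
    return opts


def audit_container(record, userns_remap_enabled):
    """Return the list of findings for one container record (empty = clean)."""
    hc = record["HostConfig"]
    findings = []
    if hc.get("Privileged"):
        findings.append("privileged: all capabilities, seccomp and apparmor off")
    # User namespaces: must be on daemon-wide and not disabled per container.
    if not userns_remap_enabled:
        findings.append("userns: daemon has no userns-remap, root in container is host root")
    elif hc.get("UsernsMode") == "host":
        findings.append("userns: container opted out with --userns=host")
    # Capabilities: expect the default set dropped and nothing added back.
    if "ALL" not in (hc.get("CapDrop") or []):
        findings.append("capabilities: default set kept; expected --cap-drop ALL")
    for cap in hc.get("CapAdd") or []:
        findings.append(f"capabilities: {cap} added back")
    # Seccomp and AppArmor: 'unconfined' switches the filter/profile off.
    opts = security_opts(hc)
    if opts.get("seccomp") == "unconfined":
        findings.append("seccomp: unconfined, syscall filter disabled")
    if opts.get("apparmor") == "unconfined":
        findings.append("apparmor: unconfined, no profile applied")
    # cgroups: resource limits protect co-tenants on the same host.
    if not hc.get("Memory"):
        findings.append("cgroups: no memory limit")
    if not hc.get("PidsLimit"):
        findings.append("cgroups: no pids limit")
    if not record.get("Config", {}).get("User"):
        findings.append("user: process runs as UID 0 inside the container")
    return findings


def audit(inspect_json, daemon_json):
    """Audit every container in inspect_json; returns {name: [findings]}."""
    daemon = json.loads(daemon_json)
    userns = bool(daemon.get("userns-remap"))
    return {r["Name"]: audit_container(r, userns) for r in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT, SAMPLE_DAEMON_JSON).items():
        print(name, "OK" if not findings else "")
        for f in findings:
            print("  -", f)
```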
THANK YOU

DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DaySri Ambati
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 

Dernier (20)

Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo DayH2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
H2O.ai CEO/Founder: Sri Ambati Keynote at Wells Fargo Day
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 

Securing your Containers (Meetup at Docker HQ 4/7)

  • 1. Securing your Containers: Steps to becoming Seaworthy. Riyaz Faizullabhoy - @riyazdf, Docker Security Team
  • 2. Securing the pipeline: Build, Ship, Run
    • Official Images
    • Docker Bench for Security
    • Docker Content Trust
    • Nautilus
    • User Namespaces
    • Cgroups
    • Capabilities
    • Seccomp
    • AppArmor
  • 3. (image-only slide, no text)
  • 4. Securing the pipeline: Build, Ship, Run (agenda slide, same list as slide 2)
  • 5. Official Images
    • Vetted for best practices
    • Scanned for CVEs
    • Lobby upstream to fix security problems
    • Promptly updated
  • 6. Docker Bench for Security
    • Check for secure daemon + system configuration
    • Audit containers in context
    • Check for best practices
  • 7. Securing the pipeline: Build, Ship, Run (agenda slide, same list as slide 2)
  • 8. Docker Content Trust
    • Sign images at point of authorship (using Notary)
    • Removes implicit trust of storage service and network
    • Guarantee integrity of your images when pulled
  • 9. Nautilus
    • Scan images for CVEs
    • Detects vulns in libraries statically compiled into binaries
  • 10. Securing the pipeline: Build, Ship, Run (agenda slide, same list as slide 2)
  • 11. User Namespaces
    • Map users and groups to their own UID/GID range
    • TL;DR - Root in a container is not root outside a container
    (diagram: Docker Host running Container 1, Container 2, Container 3)
  • 12. Control Groups
    • a.k.a. cgroups
    • Control resource usage of a container
    • Good for container multitenancy
  • 13. Capabilities
    • No longer root vs. non-root
    • Finer grained control on what the process can do
  • 14. Seccomp
    • SECure COMPuting mode
    • Filter permitted system calls
  • 15. AppArmor
    • Per process security profiles
    • Define once, apply many times
    • Finest grained control
  • 16. Securing the pipeline: Build, Ship, Run (agenda slide, same list as slide 2)
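The Seccomp slide says "filter permitted system calls" but the deck never shows what the filter looks like. The following is an added example, not from the talk or from Docker's own tooling: it builds a Docker-style seccomp allowlist profile (the JSON format accepted by `docker run --security-opt seccomp=<file>`) and lints a profile before use. The set of high-risk syscalls and the sample allowlist are assumptions chosen for illustration.

```python
import json

# Assumed illustrative set of syscalls a container allowlist should normally
# leave out (compare against Docker's own default profile for the real list).
HIGH_RISK_SYSCALLS = {
    "mount", "umount2", "reboot", "kexec_load", "init_module",
    "finit_module", "delete_module", "ptrace", "keyctl", "add_key",
    "request_key",
}


def build_profile(allowed, arches=("SCMP_ARCH_X86_64", "SCMP_ARCH_X86", "SCMP_ARCH_X32")):
    """Return an allowlist profile in Docker's seccomp JSON layout:
    everything is denied with EPERM by default (SCMP_ACT_ERRNO) and only
    the named syscalls are permitted."""
    return {
        "defaultAction": "SCMP_ACT_ERRNO",
        "architectures": list(arches),
        "syscalls": [{"names": sorted(set(allowed)), "action": "SCMP_ACT_ALLOW"}],
    }


def lint_profile(profile):
    """Return a list of findings; an empty list means the profile passes.
    Catches the two mistakes seen most often: a default-allow (denylist)
    profile and an allowlist that still permits high-risk syscalls."""
    findings = []
    if profile.get("defaultAction") == "SCMP_ACT_ALLOW":
        findings.append("defaultAction is SCMP_ACT_ALLOW: profile is a denylist, not an allowlist")
    allowed = set()
    for rule in profile.get("syscalls", []):
        if rule.get("action") == "SCMP_ACT_ALLOW":
            allowed.update(rule.get("names", []))
            if rule.get("name"):  # older single-name rule form
                allowed.add(rule["name"])
    for name in sorted(allowed & HIGH_RISK_SYSCALLS):
        findings.append(f"high-risk syscall allowed: {name}")
    return findings


if __name__ == "__main__":
    # Constructed sample allowlist for a minimal static binary; "mount" is
    # included on purpose so the lint has something to report.
    profile = build_profile(["read", "write", "exit_group", "brk", "mount"])
    for finding in lint_profile(profile):
        print("LINT:", finding)
    with open("profile.json", "w") as fh:
        json.dump(profile, fh, indent=2)
    # Then run with the profile plus the Capabilities slide's idea of least privilege:
    # docker run --security-opt seccomp=profile.json --cap-drop ALL <image>
```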