Docker Security - Aqua https://www.aquasec.com/tag/docker-security/ Cloud Native Security, Container Security & Serverless Security Mon, 15 Jul 2024 08:10:09 +0000 en-US hourly 1 https://wordpress.org/?v=6.5.5 A Security Review of Docker Official Images: Which Do You Trust? https://www.aquasec.com/blog/docker-official-images/ Tue, 24 Aug 2021 10:14:12 +0000 https://www.aquasec.com/?p=15167 A Security Review of Docker Official Images: Which Do You Trust?A key element in building secure containerized applications is to ensure that the base image that you use is well-maintained and secure. A common piece of advice is to use the Docker Official Images for this purpose. However, our research reveals that you need to be careful when using these images, as some are no …]]> Top 22 Docker Security Best Practices: Ultimate Guide https://www.aquasec.com/blog/docker-security-best-practices/ Thu, 01 Jul 2021 09:30:00 +0000 https://www.aquasec.com/?p=15220 Top 22 Docker Security Best Practices: Ultimate GuideWhile Docker has become synonymous with containers, various container tools and platforms have emerged to make the process of developing and running containers more efficient. Still, a lot of the same principles around Docker security apply for protecting container-based applications built with other tools as well. We compiled 20 essential Docker security best practices into …]]> The Challenges of Uniquely Identifying Your Images https://www.aquasec.com/blog/docker-image-tags/ Thu, 22 Apr 2021 15:30:35 +0000 https://www.aquasec.com/?p=15286 The Challenges of Uniquely Identifying Your ImagesOne of the challenges of container security is ensuring that the image you’re getting is exactly what you expect it to be. Both from a security and consistency perspective, it’s important to ensure there are no surprises in what you’re downloading. Docker image tags, whilst convenient, can’t always be relied on to point to a …]]> Maneuver Docker API for Host Takeover https://www.aquasec.com/blog/threat-alert-docker-api-host-takeover/ Tue, 05 Nov 2019 11:45:00 +0000 https://www.aquasec.com/?p=15717 Maneuver Docker API for Host TakeoverDocker clients can communicate with the daemon either locally, via a unix socket, or over a network via a TCP socket. Aqua’s research team discovered an interesting attack vector running on top of an unsecured Docker socket API. Instead of running a malicious Docker image, the attacker changes the traditional entry-point to take control over …]]> CVE-2019-5021: Alpine Docker Image ‘null root password’ Vulnerability https://www.aquasec.com/blog/cve-2019-5021-alpine-docker-image-vulnerability/ Sun, 12 May 2019 11:00:18 +0000 https://www.aquasec.com/?p=15831 CVE-2019-5021: Alpine Docker Image ‘null root password’ VulnerabilityA new vulnerability that impacts Alpine Docker images was published last week. The vulnerability is due to the ‘root’ user password which is set, by default, to NULL on Alpine Docker images from version 3.3 or higher. This CVE does not impact Alpine distros that are not delivered as Docker images. Containers that are based on …]]> Docker Hub Unauthorized Access Incident: What You Should Know https://www.aquasec.com/blog/docker-hub-incident-container-encryption/ Mon, 29 Apr 2019 13:48:07 +0000 https://www.aquasec.com/?p=15839 Docker Hub Unauthorized Access Incident: What You Should KnowA few days ago, Docker discovered that a database holding the credentials of some 190,000 Docker Hub accounts was exposed to unauthorized access (about 5% of all Docker Hub accounts). We’ve been getting questions from customers on this, so I wanted to set the record straight on what we know and what we recommend doing. …]]> Mitigating High Severity RunC Vulnerability (CVE-2019-5736) https://www.aquasec.com/blog/runc-vulnerability-cve-2019-5736/ Tue, 12 Feb 2019 10:53:53 +0000 https://www.aquasec.com/?p=15875 Mitigating High Severity RunC Vulnerability (CVE-2019-5736)Yesterday it was disclosed that a new high severity (CVSS score 7.2) vulnerability (CVE-2019-5736) was found in runc, that allows an attacker to potentially compromise the container host. Patches are already available from most providers (see below). Aqua customers can also prevent this vulnerability from being exploited by applying the appropriate runtime policies.  What is the vulnerability …]]> Aqua MicroScanner: Free Image Vulnerability Scanning Plugin for Jenkins https://www.aquasec.com/blog/aqua-microscanner-free-image-vulnerability-scanning-plug-in-for-jenkins/ Wed, 13 Jun 2018 08:55:00 +0000 https://www.aquasec.com/?p=15980 Aqua MicroScanner: Free Image Vulnerability Scanning Plugin for JenkinsA few weeks ago we released Aqua MicroScanner, a free vulnerability scanner that you can embed into the dockerfile and automate scanning during image build. A few hundred users later and with feedback we received from the community, we’re now happy to release a native Jenkins plug-in for MicroScanner. How it Works For a quick …]]> Popular Docker Networking and Kubernetes Networking Tools https://www.aquasec.com/blog/popular-docker-networking-and-kubernetes-networking-tools/ Thu, 19 Apr 2018 09:01:00 +0000 https://www.aquasec.com/?p=16015 Popular Docker Networking and Kubernetes Networking ToolsIn a previous post, we explored six tools for storing data for Docker containers. Another challenge in container environments is getting containers to network in a consistent and secure manner – especially as container workloads may appear on different hosts as applications scale out, then disappear when they’re not needed. On a single host, Docker …]]> 10 Essential Container CI/CD Tools https://www.aquasec.com/blog/10-essential-container-ci-cd-tools/ Tue, 20 Feb 2018 04:49:08 +0000 https://www.aquasec.com/?p=16063 10 Essential Container CI/CD ToolsContinuous integration and continuous delivery (CI/CD) are two of the biggest trends in software development. As companies move to release higher quality software at a faster pace, developers and engineers need new approaches to building, testing, and delivering products. As a result, many companies are turning to Docker to build, test, and deploy their applications. …]]>