Docker Security - Aqua
https://www.aquasec.com/tag/docker-security/
Cloud Native Security, Container Security & Serverless Security
Sun, 11 Aug 2024 08:46:32 +0000

A Security Review of Docker Official Images: Which Do You Trust?
https://www.aquasec.com/blog/docker-official-images/
Tue, 24 Aug 2021 10:14:12 +0000
A key element in building secure containerized applications is to ensure that the base image that you use is well-maintained and secure. A common piece of advice is to use the Docker Official Images for this purpose. However, our research reveals that you need to be careful when using these images, as some are no …

Top 22 Docker Security Best Practices: Ultimate Guide
https://www.aquasec.com/blog/docker-security-best-practices/
Thu, 01 Jul 2021 09:30:00 +0000
While Docker has become synonymous with containers, various container tools and platforms have emerged to make the process of developing and running containers more efficient. Still, a lot of the same principles around Docker security apply for protecting container-based applications built with other tools as well. We compiled 20 essential Docker security best practices into …

The Challenges of Uniquely Identifying Your Images
https://www.aquasec.com/blog/docker-image-tags/
Thu, 22 Apr 2021 15:30:35 +0000
One of the challenges of container security is ensuring that the image you’re getting is exactly what you expect it to be. Both from a security and consistency perspective, it’s important to ensure there are no surprises in what you’re downloading. Docker image tags, whilst convenient, can’t always be relied on to point to a …

Maneuver Docker API for Host Takeover
https://www.aquasec.com/blog/threat-alert-docker-api-host-takeover/
Tue, 05 Nov 2019 11:45:00 +0000
Docker clients can communicate with the daemon either locally, via a unix socket, or over a network via a TCP socket. Aqua’s research team discovered an interesting attack vector running on top of an unsecured Docker socket API. Instead of running a malicious Docker image, the attacker changes the traditional entry-point to take control over …

CVE-2019-5021: Alpine Docker Image ‘null root password’ Vulnerability
https://www.aquasec.com/blog/cve-2019-5021-alpine-docker-image-vulnerability/
Sun, 12 May 2019 11:00:18 +0000
A new vulnerability that impacts Alpine Docker images was published last week. The vulnerability is due to the ‘root’ user password which is set, by default, to NULL on Alpine Docker images from version 3.3 or higher. This CVE does not impact Alpine distros that are not delivered as Docker images. Containers that are based on …

Docker Hub Unauthorized Access Incident: What You Should Know
https://www.aquasec.com/blog/docker-hub-incident-container-encryption/
Mon, 29 Apr 2019 13:48:07 +0000
A few days ago, Docker discovered that a database holding the credentials of some 190,000 Docker Hub accounts was exposed to unauthorized access (about 5% of all Docker Hub accounts). We’ve been getting questions from customers on this, so I wanted to set the record straight on what we know and what we recommend doing. …

Mitigating High Severity RunC Vulnerability (CVE-2019-5736)
https://www.aquasec.com/blog/runc-vulnerability-cve-2019-5736/
Tue, 12 Feb 2019 10:53:53 +0000
Yesterday it was disclosed that a new high severity (CVSS score 7.2) vulnerability (CVE-2019-5736) was found in runc, that allows an attacker to potentially compromise the container host. Patches are already available from most providers (see below). Aqua customers can also prevent this vulnerability from being exploited by applying the appropriate runtime policies. What is the vulnerability …

Aqua MicroScanner: Free Image Vulnerability Scanning Plugin for Jenkins
https://www.aquasec.com/blog/aqua-microscanner-free-image-vulnerability-scanning-plug-in-for-jenkins/
Wed, 13 Jun 2018 08:55:00 +0000
A few weeks ago we released Aqua MicroScanner, a free vulnerability scanner that you can embed into the dockerfile and automate scanning during image build. A few hundred users later and with feedback we received from the community, we’re now happy to release a native Jenkins plug-in for MicroScanner. How it Works For a quick …

Popular Docker Networking and Kubernetes Networking Tools
https://www.aquasec.com/blog/popular-docker-networking-and-kubernetes-networking-tools/
Thu, 19 Apr 2018 09:01:00 +0000
In a previous post, we explored six tools for storing data for Docker containers. Another challenge in container environments is getting containers to network in a consistent and secure manner – especially as container workloads may appear on different hosts as applications scale out, then disappear when they’re not needed. On a single host, Docker …

10 Essential Container CI/CD Tools
https://www.aquasec.com/blog/10-essential-container-ci-cd-tools/
Tue, 20 Feb 2018 04:49:08 +0000
Continuous integration and continuous delivery (CI/CD) are two of the biggest trends in software development. As companies move to release higher quality software at a faster pace, developers and engineers need new approaches to building, testing, and delivering products. As a result, many companies are turning to Docker to build, test, and deploy their applications. …