Docker Image Security in 5 Minutes or Less

The Anchore Engine is an open source project that provides a centralized service for deep inspection, analysis and certification of container images. It is provided as a Docker container image that can be run standalone or on an orchestration platform such as Kubernetes, Docker Swarm, or Amazon ECS. One great feature of the open source Anchore Engine is its ease of installation, which allows anyone to get up and running with a world-class Docker image analyzer in only about 5 minutes.

In this blog I will run through the 8 easy steps you can follow to install the Anchore Engine and start performing checks around security, compliance and operational best practices.

5 CI/CD Platforms and How They Leverage Docker Container Technology

As containers have exploded onto the IT landscape over the last few years, more and more companies are turning to Docker to provide a quick and effective means to release software at a faster pace.

This shift has caused many Continuous Integration and Continuous Delivery (CI/CD) tools and companies to strategically create and weave new container-native solutions into their platforms.

In this blog we’ll take a look at some of the top CI/CD players in the game and the shifts they’ve made to support their users in this brave new world of containers.

Vendorless – Security the Open Source Way

Whether you love or hate the term, ‘serverless’ is one of the hottest new trends in the cloud computing world. Despite what the name may suggest, there are certainly still servers running your code. The real innovation here is that you do not need to manage these servers: you just publish your code to be run by the serverless infrastructure. This architecture can be better described as FaaS (functions as a service) or BaaS (backend as a service). Amazon led this innovation with its Lambda service, and other cloud providers have followed suit, including Google with Google Cloud Functions and Microsoft with Azure Functions.

Why CVE Scanning Still Isn’t Enough

On Thursday the Node Package Manager team removed a node package from the NPMJS.org registry. You can read more about the discovery in this bleepingcomputer article or in the incident report on the npm blog. This package was found to have a malicious payload which provided a framework for a remote attacker to execute arbitrary code. While the module was removed from the NPM registry, you may already have this module in your environment.