Docker Image Security in 5 Minutes or Less

The Anchore Engine is an open source project that provides a centralized service for deep inspection, analysis and certification of container images. It is provided as a Docker container image that can be run standalone or on an orchestration platform such as Kubernetes, Docker Swarm, or Amazon ECS. One great feature of the Open Source Anchore Engine is ease of installation. This allows anyone to get up and running with a world class Docker image analyzer in only about 5 minutes.

In this blog I will run through the 8 easy steps you can follow to install the Anchore Engine and start performing checks around security, compliance and operational best practices.

Introducing Anchore Policy Hub

The Anchore Policy Hub is a centralized repository of resources that are served to, and can then be loaded into and consumed by, Anchore Engine via Anchore Engine clients. This repository serves as the canonical store of source documents (initially, Anchore Policy Bundles). It is both a location where pre-defined policy bundles can be easily fetched and loaded into Anchore Engine deployments as a starting point for creating your own bundles, and a location where users of Anchore can submit and share new policy bundles and, moving forward, other Anchore resources as well.

Docker Security Best Practices: Part 4 – Runtime Security

Previously, in our Docker Security Best Practices series, we took a deeper look into Docker Image security, and what best practices to follow. This post will continue the series, focusing on the Docker container runtime, the challenges that come with securing it, and what countermeasures can be taken to achieve a better container runtime security stance. Left out from this discussion will be any considerations that touch on host or static image security.

Docker Security Best Practices: Part 3 – Securing Container Images

Previously, in our Docker Security Best Practices series, we took a deeper look into Securing the Docker Host, and what best practices to follow. This post will continue the series, focusing on Docker images, the challenges that come with securing these artifacts, and what countermeasures can be taken to achieve a better container image security stance. Left out from this discussion will be any considerations that touch on host or runtime security.

Docker Security Best Practices: Part 2 – Securing the Docker Host

A short while ago we published a blog on Docker security called Docker Security Best Practices: Part 1. We structured it by briefly discussing a comprehensive approach to securing the entire container stack from top to bottom. This involves securing the underlying host operating system, the container images themselves, and the container runtime. In this post, we will discuss securing the host operating system in a bit more detail. In short, containerized applications are only as secure as the underlying host, as containers share the operating system kernel. There are some important operating system security best practices that will strengthen this layer of the container stack and improve the overall security posture.