mardi 17 novembre 2015

Docker adds new security features

Boardroom security

Docker has unveiled some additional security features during the keynote speech of its DockerCon Europe conference.

The open source program will boast improved container safety without compromising developer workflows.

Docker will now conduct regular scans of its 90 official repositories in order to eliminate any coding flaws and implement some extra security tools. Users will be able to add hardware signing using a Yubico key and namespace support, meaning that Docker containers will not require root access. Both security additions are already available via the company’s experimental feature platform.

As software containers grow in popularity, Docker’s root access requirement threatens the integrity of apps developed using the platform. However, the new security protocols mean that root access is no longer necessary as developers can sign their containers digitally providing they have a YubiKey 4.

TechCrunch reports that Docker CTO Solomon Hykes used his keynote speech to emphasize how important security is to his organization and why businesses must "think about security from the beginning". For Docker, however, it is also important that security does not hinder developers during the software engineering process, particularly with the fast pace of modern development.

"It has been our goal from the beginning to develop a framework that secures Dockerized distributed applications throughout the entire application lifecycle", Hykes explained. "We’ve enabled developers and IT ops to benefit from a more secure environment, without having to learn a new set of commands or to be trained on a deep set of security principles. Docker security works as part of an integrated component without any disruption to developer productivity while providing IT with the appropriate level of security controls".

In order for the community to be fully aware of any security issues, Docker will also publish any vulnerabilities found within its official repositories.

Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.

Image Credit: Manczurov / Shutterstock



Aucun commentaire:

Enregistrer un commentaire