Over the past 10 years, the traditional application development methodology (waterfall) has given way to more agile, DevOps-centric methodologies focused on continuous delivery and continuous deployment. This trend was turbocharged in 2013 when Docker containers came onto the scene and ushered in the proverbial crossing of the chasm in container adoption. A recent Tripwire study revealed that 87% of surveyed organizations had containers deployed in production. The same study revealed that 60% of organizations had suffered a container security incident in 2018.

Whether you are building your application on containers from the ground up or porting an existing monolithic app to a containerized environment, you need to realize that container environments introduce a unique set of security challenges. You should be ready to address them from Day One: from the moment you pull a base image to build your containers until they are deployed and running in production. Not surprisingly, Gartner has named container security in its list of top 10 security projects of 2019.

What follows are five of the most common container security risks you must be aware of, along with practical recommendations to help improve your security posture.

1. Using insecure images

Containers are built from either a parent or a base image. Images are useful for building containers because you can reuse the components of an existing image instead of building a container image from scratch. However, like any piece of code, an image or its dependencies can contain vulnerabilities.

Image security starts with enforcing strict vulnerability scanning practices and image provenance policies. Consider a policy that rejects any image that has not been scanned in the last 60 days or that is sourced from a non-whitelisted image registry.
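As an added illustration (not code from the article or from any product it mentions), the following Python admission check implements exactly that policy: it extracts the registry from an image reference using Docker's naming rule, rejects images from registries outside a whitelist, and rejects images whose last scan is older than 60 days or missing entirely. The registry whitelist, sample image records and the fixed clock are constructed values for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional, Tuple

# Constructed policy values; the article fixes only the 60-day scan limit.
TRUSTED_REGISTRIES = frozenset({"docker.io", "registry.internal.example"})
MAX_SCAN_AGE_DAYS = 60

def registry_of(image_ref: str) -> str:
    """Registry host of an image reference, per Docker's naming rule: the first
    path component is a registry only if it contains '.' or ':' or is 'localhost';
    otherwise the image comes from Docker Hub. With no '/', a ':' is a tag."""
    if "/" not in image_ref:
        return "docker.io"
    first = image_ref.split("/", 1)[0]
    if "." in first or ":" in first or first == "localhost":
        return first
    return "docker.io"

@dataclass
class ImageRecord:
    ref: str                          # e.g. "ghcr.io/org/app@sha256:..."
    last_scanned: Optional[datetime]  # None when the scanner has no record
    critical_findings: int = 0        # unresolved critical CVEs in last scan

def admit(image: ImageRecord, now: datetime, trusted=TRUSTED_REGISTRIES,
          max_age_days: int = MAX_SCAN_AGE_DAYS) -> Tuple[bool, str]:
    """Provenance + scan-freshness policy; returns (allowed, reason)."""
    registry = registry_of(image.ref)
    if registry not in trusted:
        return False, f"registry '{registry}' is not whitelisted"
    if image.last_scanned is None:
        return False, "no vulnerability scan on record"
    age_days = (now - image.last_scanned).days
    if age_days > max_age_days:
        return False, f"last scan is {age_days} days old (limit {max_age_days})"
    if image.critical_findings:
        return False, f"{image.critical_findings} unresolved critical findings"
    return True, "admitted"

def evaluate_samples() -> Dict[str, Tuple[bool, str]]:
    """Run the policy over constructed sample records at a fixed clock."""
    now = datetime(2019, 6, 1, tzinfo=timezone.utc)
    records = [ImageRecord("nginx:1.17", now - timedelta(days=3)),
               ImageRecord("myhost:5000/app:1.0", now - timedelta(days=1)),
               ImageRecord("library/redis:5", now - timedelta(days=90)),
               ImageRecord("registry.internal.example/api:2.1", None),
               ImageRecord("registry.internal.example/api:2.0", now, 2)]
    return {r.ref: admit(r, now) for r in records}
```

Calling `evaluate_samples()` shows why the registry parsing matters: `myhost:5000/app:1.0` is a private registry on a port and is rejected, while `library/redis:5` is a Docker Hub short-hand and is rejected only for its stale scan.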

2. Containers running with the privileged flag