Search results: Docker images

Finding leaked credentials in Docker images - How to secure your Docker images

8.5% of Docker images expose API and Private Keys

| | DevSecOps
A new comprehensive study by researchers at RWTH Aachen University in Germany did a study on over 300,000 docker images finding that 8.5% contained API keys and private keys that malicious actors ...
CI/CD With Veracode Docker Images

CI/CD With Veracode Docker Images

|
On November 19, Veracode published new, official Docker images for use in continuous integration pipelines. The images, which provide access to Pipeline Scan, Policy (or Sandbox) scans, and the ability to access ...

How to Publish Docker Images on a Private Nexus Repository Using Jib Maven Plugin

How to create a Nexus repository manager using HTTP and how to set up a Docker repository to publish Docker images using the jib plugin. In this exercise, we are going to ...
Slim Docker Images for Rails

Slim Docker Images for Rails

|
At Tinfoil we’ve been building and distributing our applications with Docker for a few years now. One aspect we value of our Docker images is keeping them small and nimble. By default ...

Rezilion Research Discovers Hidden Vulnerabilities in Hundreds of Docker Container Images

| | Uncategorized
BE’ER SHEVA, Israel, (February 23) — Rezilion announced today the release of the company’s new research, “Hiding in Plain Sight: Hidden Vulnerabilities in Popular Open Source Containers,” uncovering the presence of hundreds ...
Stop Writing Classes

A Clean Start: Finding Vulnerabilities in your Docker Base Images

The ability to find and use a free public Docker base image makes it easy to bootstrap the creation of a new Microservice. However, “easy” doesn’t equate to “good.” Using a Docker ...
The Mysterious Ticking Noise (2007) 4k Upscaled

A few notes on AWS Nitro Enclaves: Images and attestation

| | Application Security
By Paweł Płatek (GrosQuildu) AWS Nitro Enclaves are locked-down virtual machines with support for attestation. They are Trusted Execution Environments (TEEs), similar to Intel SGX, making them useful for running highly security-critical ...

Unraveling the Threat of New Docker Malware Campaign

In recent times, Docker services have become a focal point for malicious actors seeking innovative ways to monetize their exploits. A recent discovery by cloud security firm Cado unveils a new Docker ...
Daniel Stori's 'Docker Panacea'

Daniel Stori’s ‘Docker Panacea’

via the webcomic talent of the inimitable Daniel Stori at Turnoff.US. Permalink ...