Islamisches Zentrum Hamburg: Innenministerium verbietet irrtümlich Chanels Youtube-Kanal
Im Verbotsverfahren gegen das Islamische Zentrum Hamburg ist dem Bundesinnenministerium ein Fauxpas passiert. (BMI, Video-Community)
Quelle: Golem
Im Verbotsverfahren gegen das Islamische Zentrum Hamburg ist dem Bundesinnenministerium ein Fauxpas passiert. (BMI, Video-Community)
Quelle: Golem
Auf unzähligen Windows-Systemen mussten zuletzt Bitlocker-Keys eingegeben werden. Ein IT-Team aus Australien hat dafür eine elegante Lösung gefunden. (Crowdstrike, Microsoft)
Quelle: Golem
Die kapazitiven Knöpfe VW ID.4 am Lenkrad sollen in Zusammenhang mit Unfällen stehen, behaupten Betroffene. (Volkswagen ID., Auto)
Quelle: Golem
Obwohl mehrmals angekündigt, hat sich bei Star Trek 4 bisher nichts getan. Kirk-Darsteller Chris Pine hat eine Vorstellung davon, was jetzt geschehen muss. (Star Trek, Film)
Quelle: Golem
The compliance and regulatory landscape is evolving and complicated, and the burden on developers to maintain compliance is not often acknowledged in articles about maintaining SOC 2, ISO 27001, FedRAMP, NIS 2, EU 14028, etc.
Docker’s products aim to put power into the developer’s hands to maintain compliance with these requirements and eliminate what can often be a bottleneck between engineering and security teams.
With a Docker Business subscription, Docker customers have access to granular controls and a full product suite which can help customers maintain compliance and improve controls.
Access controls
Docker’s solutions offer Single Sign On (SSO) allowing customers to streamline the Docker product suite with their existing access controls and identity provider (idP).
Docker customers can also enforce login to Docker Desktop. Utilizing the registry.json file, you can require that all users sign into Docker Desktop, providing granular access to Docker’s local desktop application.
Within Docker Hub, Organization Owners can control access to registries as well as public content and develop granular teams to ensure that teams have access to approved images.
Hardened Docker Desktop
By using security configurations available in Docker Desktop, customers can add additional security features to meet the needs of their environment. These features allow companies to comply with compliance and regulatory requirements for supply chain security, network security, and network access restriction and monitoring. These features include:
Settings Management
Docker Desktop’s Settings Management provides granular access controls so that customers can directly control all aspects of how their users interact within their environments. This includes, but is not limited to, the following:
Configure HTTP proxies, network settings, and Kubernetes settings.
Configure Docker Engine.
Turn off Docker Desktop’s ability to check for updates, turn off Docker Extensions, turn off beta and experimental features, etc.
Specify which paths for developer file shares.
Enhanced Container Isolation
Enhanced Container Isolation allows customers to designate security settings to help prevent container escape.
Registry Access Management
Using Registry Access Management, customers can granularly control which registries their users have access to, narrowing it down to just the registries they approve.
Image Access Management
Within Docker Hub, customers can also control what images their users have access to, allowing customers to create an inventory of approved and trusted content. With Image Access Management, customers can implement a secure software development life cycle (SDLC).
Air-Gapped Containers
With Docker Desktop’s Air-Gapped Containers, customers may also restrict containers from accessing network resources, limiting where data can be uploaded to or downloaded from. This feature allows customers more granular control over their development environment.
Vulnerability monitoring and continuous assessment with Docker Scout
All compliance and regulatory standards require vulnerability scanning to occur at the application level, but most solutions do not scan at the container level nor do they help prevent vulnerabilities from ever reaching production.
Docker Scout provides a GitHub application that can be embedded in the CI/CD to identify and prevent vulnerabilities in images from going into production. By using this as part of development, developers can patch during development reducing the amount of vulnerabilities identified as part of SAST, penetration testing, bug bounty programs, and so on.
Companies can also use Docker Scout to monitor their images for vulnerabilities, identify whether fixes are available, and provide the most up-to-date information to create more secure products. When a zero-day vulnerability is released, you can easily search your images for every instance and remediate them as soon as possible.
Policy management
Customers can utilize Docker Scout to monitor compliance for the following:
Monitor packages using AGPLv3 and GPLv3 licenses.
Ensure images specify a non-root username.
Monitor for all fixable critical and high vulnerabilities.
Outdated base images.
Supply chain attestations.
Customers can also create custom policies within Docker Scout to monitor their own compliance requirements. Do you have vulnerability SLAs? Monitor your environment to ensure you are meeting SLA requirements for vulnerability remediation.
Software Bill of Materials (SBOM)
Customers may also use Docker Scout to help compile full SBOMs. Many SBOM solutions do not look at images to break down the images into their individual components and packages. Docker Scout also supports multi-stage builds, which you won’t find in another solution.
Reduced security risk with Docker Build Cloud and Testcontainers Cloud
Docker Build Cloud
With Docker Build Cloud, organizations can have more autonomy throughout the build process through the following features:
By using remote build infrastructure, Docker Build Cloud ensures that build processes are isolated from local environments, reducing the risk of local vulnerabilities affecting the build process.
Customers do not need to manage individual build infrastructures. Centralized management allows for consistent security policies and updates across all builds.
The shared cache helps avoid redundant builds and reduces the attack surface by minimizing the number of times an image needs to be built from scratch.
Docker Build Cloud supports native multi-platform builds, ensuring that security configurations are consistent across different environments and platforms.
Testcontainers Cloud
Avoid running Docker runtime on your CI pipeline to support your tests. Testcontainers Cloud eliminates the complexity of running this securely and safely, through the use of the Testcontainers Cloud agent, which has a smaller attack surface area for your infrastructure.
With CI and Docker-in-Docker, developers do not need to run a root-privileged Docker daemon next to the source code, thereby reducing the supply chain risk.
Conclusion
Docker’s comprehensive approach to security and compliance empowers developers to efficiently manage these aspects throughout the development lifecycle. By integrating granular access controls, enhanced isolation, and continuous vulnerability monitoring, Docker ensures that security is a seamless part of the development process.
The Docker product suite equips developers with the tools they need to maintain compliance and manage security risks without security team intervention.
Learn more
Subscribe to the Docker Newsletter.
Get the latest release of Docker Desktop.
Get started with Testcontainers Cloud by creating a free account.
Vote on what’s next! Check out our public roadmap.
Have questions? The Docker community is here to help.
New to Docker? Get started.
Quelle: https://blog.docker.com/feed/
Die Glasfaser-Branche wollte langwierige Naturschutzprüfungen abschaffen lassen. Das Privileg bekommen jetzt nur die Mobilfunk-Betreiber. (Glasfaser, Mobilfunk)
Quelle: Golem
Amazon verkauft vorübergehend den Over-Ear-Kopfhörer Edifier W600BT mit Bluetooth zum halben Preis. (Kopfhörer, Sony)
Quelle: Golem
In dieser Woche fällt eine Bilanz zum Ausbau kleiner Dörfer mit Glasfaser bescheiden aus. Wir haben Deutsche Glasfaser und UGG nach den Gründen gefragt. (Glasfaser, Telekom)
Quelle: Golem
T-Mobile US erwirbt erneut einen Glasfaser-Netzbetreiber. Metronet baut sein Netz besonders schnell aus. (Telekom, Open Access)
Quelle: Golem
Ein erstes Indiz waren die fehlenden CPU-Testmuster für Medien. Jetzt hat AMD auch den Starttermin zum 31. Juli abgesagt. (Prozessor, AMD)
Quelle: Golem