Core Practices for Securing Containers

Are containers insecure? Not at all. Features like process isolation with user namespaces, resource encapsulation with cgroups, immutable images, and shipping minimal software and dependencies reduce the attack surface and provide a great deal of protection.

Container security tools are becoming a hot topic in the modern IT space as early adoption fever evolves into a mature ecosystem. Security is an unavoidable subject to address when planning to change how we architect our infrastructure.

This Refcard will lay out the basics of container security, assess key challenges, provide hands-on experience with basic security options, and introduce some more advanced workflows.

We’ll split container security into three sections, covering what to do at each step of your container security lifecycle:

  • CI/CD and pre-deployment security
  • Runtime security
  • Incident response and forensics

Lastly, we will take a look at Docker and Kubernetes security principles, how cloud providers work with Docker containers, and what security options are available.

This is an excerpt from DZone’s 2022 Docker Security Refcard.