Docker revolutionized software development by making containers accessible to all developers. Learn how Docker is now reimagining securing the software supply chain (SSC) to make security the easy default for all developers. Docker is modernizing its toolchain — tools you use everyday — to provide SSC security by default: software bill of materials (SBOMs), provenance, cryptographic signing, verification, and more. This DockerCon talk demonstrates the application of these principles and tools to the Docker Official Images (DOI) catalog. With billions of pulls from Docker Hub each month, DOI are a significant link in most teams’ software supply chains. Also find out how Docker and BastionZero have leveraged open standards like The Update Framework (TUF) and Supply-Chain Levels for Software Artifacts (SLSA) along with a novel, decentralized signing approach that leverages modern cryptographic approaches, including OpenPubkey, to augment open source projects like BuildKit and the Docker CLI to incorporate SSC metadata and verification.
Resources:
Announcing Docker Scout GA: Actionable Insights for the Software Supply Chain – https://www.docker.com/blog/announcing-docker-scout-ga/
Try Docker Scout – https://www.docker.com/products/docker-scout/
Try Docker Scout – https://www.docker.com/products/docker-scout/
Docker Official Images (DOI) – https://docs.docker.com/trusted-content/official-images/
Join the conversation!
LinkedIn → https://dockr.ly/LinkedIn
Twitter → https://dockr.ly/Twitter
Facebook → https://dockr.ly/Facebook
Instagram → https://dockr.ly/Instagram
ABOUT DOCKER: Docker provides a suite of development tools, services, trusted content, and automations, used individually or together, to accelerate the delivery of secure applications.
#docker #dockerimages #SoftwareSupplyChain
