Security assessment of third-party Docker images has been a challenge
due to the lack of verifiability in the software supply chain. Images maintained by a reputable organization or an individual are often considered trustworthy; however, it is hard to deny the possibility that they might have silently injected malicious codes not present in the source repo. And even if they have no malicious intent, their images can still be compromised by an accidental leakage of registry credentials.
The latest release of BuildKit solves this supply chain security concern with
reproducible builds. Reproducible builds is a technique to ensure that a bit-for-bit identical image can be reproduced from its source code by anybody at any time. When multiple actors can attest to an image’s reproducibility, it signifies that the image contains no code of a secret origin.
Learn how to make images reproducible to improve their trust.
Resources:
Docker BuildKit – https://docs.docker.com/build/buildkit/
Generating SBOMs for Your Image with BuildKit – https://www.docker.com/blog/generate-sboms-with-buildkit/
Get started with Docker – https://www.docker.com/get-started/
What are containers? https://www.docker.com/resources/what-container/
Try Docker Desktop https://www.docker.com/products/docker-desktop/
Docker 101 Tutorial https://www.docker.com/101-tutorial/
Join the conversation!
LinkedIn → https://dockr.ly/LinkedIn
Twitter → https://dockr.ly/Twitter
Facebook → https://dockr.ly/Facebook
Instagram → https://dockr.ly/Instagram
ABOUT DOCKER: Docker provides a suite of development tools, services, trusted content, and automations, used individually or together, to accelerate the delivery of secure applications.
#docker #softwaredevelopment #devops
