
With the eyes of the security world converging on Black Hat USA next week, now is a good time to remember that building secure applications is paramount. In the latest chapter in Docker’s security story, Docker CTO Justin Cormack last month provided an important update on software supply chain security.

The long-awaited document is important because the software supply chain — that stage of the software development journey in which software is written, assembled, built or tested before production — has become a favored target of cyber criminals.

The article, titled “What Does It Take to Secure Containers,” quotes Justin on why creating a trusted pipeline is so critical: “Every time you use software that you didn’t write yourself, often open source software that you use in your applications, you are trusting both that the software you added is what you thought it is, and that it is trustworthy not hostile.”

He also highlights open source tools that enable you to establish security guardrails, ensuring you build in security from the start, with programmatic enforcement in development pipelines, and stay secure with automated enforcement in the K8s runtime.
