Supply chain security has become increasingly important to all of us in the last few years. The concern is that some piece of software you use turns out to be compromised, or to contain vulnerabilities, which in turn compromises your production environment.
Docker is committed to helping you build security into your supply chain, and we are working on more tools to help you with this.
We are looking to build a signing framework that can be used in every registry, where signatures can be pushed and pulled with images. That way you can verify, for example, that an image you pull from your private on-premises registry is the same as the Docker Official Image on Docker Hub.
We are especially interested in your feedback around supply chain security and what you would like to see; we have had lots of really helpful feedback recently that is helping us work out where to take our products and tools.