Docker Security

Automating Image Scanning with Jenkins

By Xiaofeng Sun Containers provide an easy and efficient way to deploy applications. But container images may contain open source code over which you don’t have a full control. Many vulnerabilities in open source projects have been reported, and you may decide to use these libraries with vulnerabilities or not after scanning the images and… Read more »

Docker Security

17 Backdoored Malicious Images Removed From Docker Hub, But Are You Really Any Safer?

By Fei Huang Docker Hub recently removed 17 backdoored Docker images. This action came after Fortinet reported some cryptomining activity which linked back to these images. Here are some of the interesting facts: Backdoors were hidden inside the MySQL and Tomcat images, which are some of the most popular application containers on Docker Hub. These… Read more »

Cloud Security

NeuVector Builds on Istio Service Mesh Concepts to Secure Microservices

The Security Mesh deployed by NeuVector is compatible with the Istio service mesh and provides a roadmap for future integration By Gary Duan The service mesh concept behind the Istio project provides a powerful and useful set of services which are critical for managing, monitoring and securing container-based services, especially those built on Kubernetes. This… Read more »

Container Security

Backdoor Found in Open Source SSH package

A serious backdoor vulnerability in a popular software package was recently reported. It was found in the ssh-decorator Python package. In this open source library, a log function was sending clear text IP addresses, login names and passwords to an external site: “ssh-decorate.cf/index.php.” This immediately became one of the hottest topics about which thousands of… Read more »

Container Security

OpenShift Security Automation

Containers and tools like Red Hat OpenShift enable enterprises to automate many aspects of application deployment, with many significant business benefits. But it’s easy to forget to automate the security aspects of containers. There are many built-in features for OpenShift security automation in the platform, but don’t stop there. Automating run-time security for OpenShift deployments… Read more »