To use Docker safely, you need to be aware of the potential security issues and the major tools and techniques for securing container-based systems. In this chapter, we will consider security from the viewpoint of running Docker in production, but most of the advice is equally applicable to development. Even with security, it is important to keep the development and production environments similar in order to avoid the issues around moving code between environments that Docker was intended to solve.
Reading online posts and news items about Docker can give you the impression that Docker is inherently insecure and not ready for production use.footnote:[The better articles on Docker security include the series by Dan Walsh of Red Hat on Opensource.com and Jonathan Rudenberg’s article on image insecurity, but note that the issues in Jonathan’s article have been largely addressed by the development of digests and the Notary project.] While you certainly need to be aware of issues related to using containers safely, if used properly, containers can provide a more secure and efficient system than using VMs or bare metal alone.
This chapter begins by exploring some of the issues surrounding the security of container-based systems that you should be thinking about when using containers.
The guidance in this chapter is based on my opinion. I am not a security researcher, nor am I responsible for any major public-facing system. That ...