Docker, Inc. Rises to Meet Productivity and Security Challenges

During the online DockerCon Live 2021 event today, Docker, Inc. unveiled Docker Development Environments, a tool that makes it possible for developers to automatically create a virtual instance of their development environment that can be shared with other members of their development team.

In addition, Docker, Inc. is launching an update to Docker Compose that adds tighter integration with the Docker command line interface (CLI) to accelerate deployment of applications on cloud services. Docker, Inc. is also making available Scoped Personal Access Tokens that enable developers to define different types of access tokens for container images on a per-user basis.

Docker, Inc. also reveals that Datadog, Red Hat and VMware have joined the Docker Verified Publisher program, which provides access to containers that third-party vendors have committed to keep current to ensure security.

Finally, Docker Official Images can now be downloaded via registries maintained by Amazon Web Services (AWS) and Mirantis as an alternative to Docker Hub.

Docker, Inc. CEO Scott Johnston says the company is moving to address two of the most pressing issues faced today by organizations building containerized applications. Many developers continue to work from home to help combat the COVID-19 pandemic. However, those efforts adversely impact productivity because it’s no longer easy for developers that previously worked in the same office to collaborate. Developers could previously share a virtual instance of a Docker development environment, but it was a cumbersome process. Docker, Inc. has now automated that process, notes Johnston.

The second major issue Docker, Inc. is addressing today is the security of software supply chains. Cybercriminals are using Docker containers to distribute malware. The Docker Verified Publisher program assures developers they are not employing containers that have been compromised by malware. Although there are only 160 providers of containers participating in these initiatives, Johnston notes that 25% of all the containers being downloaded via the company’s registries are from these vendors.

Overall, Docker, Inc. reports that 13 billion image pulls per month from nearly 8 million repositories residing on Docker Hub are being made by more than 13 million developers.

In general, Johnston says there is more focus on application security than ever in the wake of recent high-profile breaches of software supply chains. At the same time, a recent executive order issued by the Biden administration is making business and IT leaders more cognizant of the issue. Many organizations are moving to secure software supply chains in anticipation of more stringent requirements that will be rolled out in the months and years ahead, notes Johnston.

In the meantime, organizations will continue to try to strike a balance between developer productivity and security. The challenge organizations face is finding a way to enable developers to implement security controls without slowing down the application development process, as responsibility for security continues to shift left toward developers. The first step in that process is, of course, making sure the container artifacts that developers are reusing to build applications are themselves free of malware. After all, the best way to ensure the integrity of any software supply chain is to make sure the components on which it is based are safe to use in the first place.

Mike Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.
