With the continuing success of the Docker engine, containers are increasingly moving from build chains into production environments. So it’s high time to assess the current state of security of one’s container environment. Luckily, the Docker ecosystem is beginning to provide more and more tools to deploy security measures, some of them already active by default. At the same time, several pitfalls exist that could lead to a vulnerable environment.
The talk aims to present a security model covering multiple layers, from building images to the Docker host and daemon and up to containers at runtime, while focusing on the knobs and levers for building a secure system.