container
As people continue to adopt CRI-O as a new container runtime for Kubernetes I am hearing questions from administrators who are confused whether they should use Crictl or Podman to diagnose and understand what is going on in a Kubernetes node. This is not one or the other — these tools are complementary, and this article attempts to explain the tools and examine when it is best to use each of these tools.
Read more
There are quite a few Docker security tools in the ecosystem, how do they compare? We have gathered a list of the most popular Docker security tools so you can evaluate what fits your needs better, including features and use cases. Here you will find both open source projects and Docker security commercial vendors.
But is Docker insecure? Not at all. Actually features like process isolation with user namespaces and resource encapsulation with cgroups reduce the attack vector providing a great deal of protection.
Read more