security

HashiCorp Vault 1.0

Today we are excited to announce the public availability of HashiCorp Vault 1.0. Vault is a tool to manage secrets and protect sensitive data for any infrastructure and application. Vault 1.0 is focused on renovating Vault’s infrastructure to support high performance, scalable workloads. The 1.0 release of Vault includes significant new functionality including: Batch Tokens: A new type of token optimized for high performance, ephemeral workloads. Open Source Cloud Auto Unseal: Cloud-based auto unseal is now open source.
Read more

Using Terraform for container security as code with Sysdig Secure

In the following tutorial you can learn how to implement container security as code. You probably have a CI/CD pipeline to automatically rebuild your container images. What if you could define your container security as code, push it into a Git repository to version control changes and then enforce your policy in your container orchestration tool like Docker or Kubernetes using Sysdig Secure? Terraform is an awesome tool to deploy and update your infrastructure using code.
Read more

Kubernetes’ first major security hole discovered

Kubernetes has become the most popular cloud container orchestration system by far, so it was only a matter of time until its first major security hole was discovered. And the bug, CVE-2018-1002105, aka the Kubernetes privilege escalation flaw, is a doozy. It’s a CVSS 9.8 critical security hole. CVSS 9.8 critical security hole. With a specially crafted network request, any user can establish a connection through the Kubernetes application programming interface (API) server to a backend server.
Read more

29 Docker security tools compared

There are quite a few Docker security tools in the ecosystem, how do they compare? We have gathered a list of the most popular Docker security tools so you can evaluate what fits your needs better, including features and use cases. Here you will find both open source projects and Docker security commercial vendors. But is Docker insecure? Not at all. Actually features like process isolation with user namespaces and resource encapsulation with cgroups reduce the attack vector providing a great deal of protection.
Read more