Educause Security Discussion mailing list archives
Docker Security
From: Stefan Wahe <stefan.wahe () WISC EDU>
Date: Tue, 13 Sep 2016 01:46:52 +0000
Is your campus using Docker as an Dev/Ops deployment and maintenance tool? Our development teams have already begun leveraging Docker which in-turns induces IT security risk into our network (just like most changes in technologies and process). We are trying to catch-up to the development teams by: (1) Identifying a security testing methodology. Currently vulnerability scanning tools like Qualys and Nessus do not deliver functionality to scan the Docker containers. Docker is offering solutions such as: https://blog.docker.com/2016/05/docker-security-scanning/ (2) Developing an approach to scan network segments for instances of Docker. (3) Developing configuration templates for Docker containers (CIS Benchmarks). (4) Assisting with the change management and business continuity planning/disaster recovery operations for Docker solutions. I am curious if you are ahead of us in your assessments of Docker as a container solution for Dev/Ops? I appreciate your thoughts and advice. Thanks – Stefan --
Attachment:
smime.p7s
Description:
Current thread:
- Docker Security Stefan Wahe (Sep 12)