Serious Vulnerabilities in dnsmasq
Last week, serious security vulnerabilities were discovered in dnsmasq, a software package used in Kubernetes, Linux, BSD and macOS. Users should upgrade their systems as soon as possible.
Livestream DockerCon EU
Good news for those who can’t make it to DockerCon EU: the day one and two general sessions will be livestreamed. Livestreaming is happening on 10/17 and 10/18. Follow the link to sign up for DockerCon EU Livestream.
Chef’s Habitat Builder Launched
Chef just launched a SaaS called “Habitat Builder” that “enables developers to package applications” without needing to decide on an export format or runtime until deployment. According to The New Stack, the SaaS “provides three services for cloud-native operations”:
- Build Service (consistent packaging / build capabilities)
- Artifact Store (repos for packaged artifacts)
- Application Supervision (consistent management capabilities “like runtime lifecycle, configuration updates, clustering topologies and update strategies”)
Docker Swarm “Secure By Default”
A recent blog post by Docker describes how the Docker Swarm orchestrator was built “with the principle of least privilege in mind.” This built-in security feature ensures “each participant of the system” only has “access to the information and resources that are necessary for its legitimate purpose.” The post goes on to describe how Docker Swarm solves “three of the hardest and most important aspects of the orchestration lifecycle”:
- Trust bootstrap and node introduction
- Node identity issuance and management
- Authenticated, Authorized, Encrypted information storage and dissemination
Check out the complete blog post on how Docker Swarm ensures security by default.
Grafeas Provides Audit / Governance for Container Software Supply Chain
A new open source project, Grafeas, should “provide audit and governance capabilities for the microservices container software supply chain,” according to a recent eWeek article. The article shares an example use for Grafeas: restricting the scheduling of containers when images have known vulnerabilities.
4 Security Lessons for Containers
A recent article in The New Stack shares some common container configuration mistakes and describes how they can be exploited by hackers. Among the issues:
- privileged containers that “just aren’t contained”
- apps “left lying around” containers
- not enough security “layers”
- lack of updates / not using IDS
Follow the link for a complete rundown of these four issues.
What is OpenTracing?
A recent article in The New Stack explains “tracing” (“a way for developers to… understand distributed systems at scale” and get “visibility into an application as processes grow in number”). The article describes a new OpenTracing standard — a project under the CNCF that should enable “the instrumentation of applications for distributed tracing with minimal effort.”
Switch Makes Successful IPO
Please join us in congratulating Vegas’s own Switch on their successful IPO! Switch is a major player in the Vegas tech space and was among the first supporters of the Cloud Native Computing Foundation (CNCF). Their IPO last week raised $531 million, according to a recent VegasTech article.
Any major container news we missed? Please feel free to drop us a line. This summary is part of an ongoing series from InfoSiftr, and we want to make sure all top container stories are covered.