Learn how choosing good base images, data protection, and multistage builds can make for more secure Dockerized apps.
Join the DZone community and get the full member experience. Ever since virtualization support went mainstream, developers have started to embrace containerization as a means of enhancing app security. And when used well, it’s an excellent approach. Unfortunately, countless things can destroy the security benefits of containerization when overlooked. But, short of taking some additional coursework on the subject, there aren’t many places you can go to learn about the best practices of containerization. And since Docker is the most popular containerization option in the world right now, that seems like a natural place to start. Here are five simple containerization security tips to help you keep your Dockerized apps secure. The main security benefit of containerization is that it helps to isolate your app from anything else running on the same hardware or bare-metal OS. But that doesn’t mean you don’t have to worry about the internal security of the container itself. For that reason, the first thing you’ll always have to do when developing a Dockerized application is to choose your base image with care. The easiest way to do that is to rely on images that come from verified publishers. Doing so helps to prevent the inadvertent use of altered or otherwise tainted base images. And when you choose the image you’re going to work with, it’s best to go with the most recent version available, and to carefully scrutinize any vulnerability list that pertains to it. Another thing to consider when choosing a base image is to try and go with the most stripped-down base that will support your needs.
