How Docker was born (image post, lemmy.ml)
Posted by cm0002 to Programmer Humor@programming.dev · 1 year ago · 39 comments · 818 up / 24 down
kitnaht (banned) · 1 year ago [+9/-1]: The biggest problem that I have with docker is honestly, the fear of a supply-chain attack.
MrPistachios@lemmy.today · 1 year ago [+5]: but wouldn't that be an issue regardless of docker
Drasla@lemmy.studio · 1 year ago [+1]: You mean compromised code sneaking into Docker images? Or a DOS on dockerhub?
kitnaht (banned) · 1 year ago [+6/-3]: Supply chain attack has a definition. And it has nothing to do with DDoS.
roofuskit · 1 year ago [+2]: They worry about someone replacing the docker image on the hosting server with a malicious modified version for people to pull down during updates.
zalgotext@sh.itjust.works · 1 year ago [+9]: This worry exists for literally every 3rd party dependency, not just docker, and is addressed the same way - by running tests and vulnerability scans in a sandboxed test environment before shipping to prod
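The image-replacement scenario in the two comments above has a cheap control besides sandboxed testing: pin base images to their content digest instead of a mutable tag, so a swapped image fails the pull rather than running. The check below is an added example, not code from the thread; it scans Dockerfile FROM lines for unpinned images, and the sample Dockerfile, registry name and digests in it are constructed placeholders.

```python
import re
from dataclasses import dataclass

# Image reference shape: [registry[:port]/]repo[:tag][@sha256:<64 hex>]
_DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")
# FROM [--platform=...] <image> [AS <stage>]
_FROM_RE = re.compile(r"^\s*FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?\s*$", re.IGNORECASE)

@dataclass
class Finding:
    line: int
    image: str
    reason: str

def check_dockerfile(text: str) -> list[Finding]:
    """Return one Finding per FROM line whose base image is not pinned to a content digest."""
    findings: list[Finding] = []
    stages: set[str] = set()
    for n, raw in enumerate(text.splitlines(), 1):
        m = _FROM_RE.match(raw)
        if not m:
            continue
        image, alias = m.group(1), m.group(2)
        if alias:
            stages.add(alias.lower())
        # FROM <earlier stage> or FROM scratch pulls nothing from a registry.
        if image.lower() in stages or image.lower() == "scratch":
            continue
        if _DIGEST_RE.search(image):
            continue  # digest-pinned: a replaced image no longer matches and the pull fails
        # Only the last path component can carry a tag; a registry port also uses ':'.
        name_part = image.rsplit("/", 1)[-1]
        tag = name_part.split(":", 1)[1] if ":" in name_part else None
        if tag is None or tag == "latest":
            findings.append(Finding(n, image, "floating tag (no tag or 'latest')"))
        else:
            findings.append(Finding(n, image, f"tag '{tag}' is mutable; pin with @sha256:<digest>"))
    return findings

# Constructed sample Dockerfile; the digest is a placeholder, not a real image.
SAMPLE_DOCKERFILE = f"""\
FROM --platform=linux/amd64 golang:1.22@sha256:{'a' * 64}
FROM python:3.12-slim AS builder
FROM builder
FROM registry.example.com:5000/app/base
FROM node:latest
FROM scratch
"""

if __name__ == "__main__":
    for f in check_dockerfile(SAMPLE_DOCKERFILE):
        print(f"line {f.line}: {f.image}: {f.reason}")
```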
roofuskit · 1 year ago [+2]: I was just answering a question. I had the same response above.
corsicanguppy@lemmy.ca · 1 year ago [+2/-1]: Enterprise security folks will back you up on that concern.
roofuskit · 1 year ago [+4]: Enterprise folks also shouldn't be pulling updates down to production environments.
Acters · 1 year ago [+2]: CrowdStrike: lmao let's brick half the world running on Windows PCs
[reply, author not shown]: And I was just adding extra details