- cross-posted to:
- programmerhumor@lemmy.ml
- cross-posted to:
- programmerhumor@lemmy.ml
You must log in or register to comment.
The biggest problem that I have with docker is honestly, the fear of a supply-chain attack.
You mean compromised code sneaking into Docker images? Or a DOS on dockerhub?
They worry about someone replacing the docker image on the hosting server with a malicious modified version for people to pull down during updates.
This worry exists for literally every 3rd party dependency, not just docker, and is addressed the same way - by running tests and vulnerability scans in a sandboxed test environment before shipping to prod
I was just answering a question. I had the same response above.
And I was just adding extra details
Supply chain attack has a definition. And it has nothing to do with DDoS.
deleted by creator
and that’s why you build redundancy and image scanning into your pipeline.
to not use a technology like containers based entirely on a generalization of “security” ignores the obvious security benefits of using a sandboxed environment that can run almost anywhere.
it used to take an hour to release new code into the services I own where I work. with containerized services it takes me five minutes. sure, the builds and scans and qa takes a day but the apps have never been this stable before.
rollbacks would take all fucking night. now? five minutes.
the benefits are a boon to solvency with very little impact to security if managed correctly.
but wouldnt that be an issue regardless of docker
