
How are docker images verified?

A webpage article "Docker Image Insecurity" from December 2014 draws a worrying picture of the mechanisms in place for securing docker image integrity.

Is this something that has been improved upon in the meantime? If so, a good answer would ideally be able to point to documentation that illustrates the improved image verification mechanisms and how to test them.

Docker Content Trust

This was addressed sometime around August 2015 by the introduction of Docker Content Trust.

DCT was introduced from Docker Engine 1.8 onwards and it makes it possible to verify the publisher of Docker images.

Before a publisher pushes an image to a remote registry, Docker Engine signs the image locally with the publisher's private key. When you later pull this image, Docker Engine uses the publisher's public key to verify that the image you are about to run is exactly what the publisher created, has not been tampered with and is up to date.

For more information please refer to the information here.

DCT incorporates Notary in the docker engine and Notary is based on "The Update Framework", more can be read about them here.
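As an added illustration (not part of the original answer, and not Docker's or Notary's code), this Go program models the three properties the answer lists: the signature check against the publisher's public key, the digest match against what was signed, and the freshness check. The `Target` struct, the helper names, the Ed25519 key type and the sample manifest are assumptions made for the example; real DCT uses Notary's TUF metadata.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// Target is a simplified stand-in for signed trust metadata (not Notary's schema).
type Target struct {
	Tag     string    `json:"tag"`
	SHA256  string    `json:"sha256"`  // digest of the manifest the publisher signed
	Expires time.Time `json:"expires"` // metadata is stale after this time
}

// NewKey and Digest are hypothetical helpers for this example (nil = crypto/rand).
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) { p, s, _ := ed25519.GenerateKey(nil); return p, s }
func Digest(b []byte) string { s := sha256.Sum256(b); return hex.EncodeToString(s[:]) }

// Sign is the publisher side: serialize the metadata and sign it with the private key.
func Sign(priv ed25519.PrivateKey, t Target) (meta, sig []byte) {
	meta, _ = json.Marshal(t)
	return meta, ed25519.Sign(priv, meta)
}

// Verify is the pull side: check the signature before trusting any signed field.
func Verify(pub ed25519.PublicKey, meta, sig, manifest []byte, now time.Time) error {
	var t Target
	if !ed25519.Verify(pub, meta, sig) {
		return errors.New("signature does not match publisher key")
	}
	if json.Unmarshal(meta, &t) != nil || now.After(t.Expires) {
		return errors.New("trust metadata malformed or expired")
	}
	if Digest(manifest) != t.SHA256 {
		return errors.New("manifest digest differs from signed digest")
	}
	return nil
}

func main() {
	pub, priv := NewKey()
	manifest := []byte(`{"layers":["constructed-sample"]}`) // constructed sample input
	meta, sig := Sign(priv, Target{Tag: "app:1.0", SHA256: Digest(manifest), Expires: time.Now().Add(time.Hour)})
	fmt.Println("verify:", Verify(pub, meta, sig, manifest, time.Now()))
}
```

The signature is checked first so that the digest and expiry fields are only read from metadata the publisher's key actually signed.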
