Understanding the container security concepts that impact your organization

Full paper - PDF

TLDR;

Scream these to your developer team:

  • Don’t let the shipping container imagery fool you; containers are not a special security boundary
  • Containers use primitives of the Linux kernel (cgroups, namespaces) toisolate processes in an environment
  • A “container image” is your application and its dependencies, and uses a “base image”as the basis for thecontainer image
  • Container registries host your container images. It’s important that you be able to trust your base and container images, and that you use a private, trusted registry