Containers are lightweight alternatives to virtual machines (VMs). Whereas VMs use dedicated virtual resources (disk, CPU, memory, network interface), containers may share common files.
- Kubernetes. Container orchestration (what does orchestration actually mean?)
- Rocket/rkt
- OpenVZ/Odin (formerly Parallels)
- Docker
Benefits:
- Portability
Security Considerations:
- Like a Type 2 hypervisor, containers rely on the host operating system. Whereas VMs run their own operating system, containers share the underlying host operating system. Vulnerabilities in the host OS can affect the containers.
- Certification. Is there a way to ensure the content of the container can be certified and changes tracked? We need a method to establish trust in a container. What do we do in the DevSecOps environment to verify that what is being deployed is secure? Static code analysis? Dynamic application inspection?
- Snyk brings vulnerability scanning to Docker official and certified images.
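
One way to approach the certification and change-tracking question above is content addressing: OCI image manifests list each blob by its SHA-256 digest, so pinning the manifest digest at deploy time makes any later change detectable. The sketch below is an added example, not code from this post or from any container project; the function names and the sample image are constructed for illustration.

```python
import hashlib
import json

def digest(data: bytes) -> str:
    """Content address in the OCI 'algorithm:hex' form."""
    return "sha256:" + hashlib.sha256(data).hexdigest()

def descriptor(media_type: str, blob: bytes) -> dict:
    """Descriptor as stored in a manifest: type, digest and size of a blob."""
    return {"mediaType": media_type, "digest": digest(blob), "size": len(blob)}

def verify_image(pinned_digest: str, manifest_bytes: bytes, blobs: dict) -> list:
    """Return a list of findings; an empty list means content matches the pin."""
    # The pin covers the manifest bytes, and the manifest covers every blob.
    if digest(manifest_bytes) != pinned_digest:
        return ["manifest does not match pinned digest"]
    manifest = json.loads(manifest_bytes)
    findings = []
    for desc in [manifest["config"], *manifest["layers"]]:
        blob = blobs.get(desc["digest"])
        if blob is None:
            findings.append(f"missing blob {desc['digest']}")
        elif len(blob) != desc["size"] or digest(blob) != desc["digest"]:
            findings.append(f"blob changed: {desc['digest']}")
    return findings

# Constructed sample image: one config blob and two layers (placeholder bytes,
# not real tar archives).
CONFIG = b'{"architecture":"amd64","os":"linux"}'
LAYERS = [b"constructed base layer", b"constructed application layer"]

def build_sample():
    """Build the sample manifest and return (pinned digest, manifest, blob store)."""
    manifest = {
        "schemaVersion": 2,
        "mediaType": "application/vnd.oci.image.manifest.v1+json",
        "config": descriptor("application/vnd.oci.image.config.v1+json", CONFIG),
        "layers": [descriptor("application/vnd.oci.image.layer.v1.tar", l) for l in LAYERS],
    }
    manifest_bytes = json.dumps(manifest, sort_keys=True).encode()
    return digest(manifest_bytes), manifest_bytes, {digest(b): b for b in [CONFIG, *LAYERS]}

if __name__ == "__main__":
    pinned, manifest_bytes, blobs = build_sample()
    print("as built:", verify_image(pinned, manifest_bytes, blobs))
    blobs[digest(LAYERS[1])] = b"layer modified after the pin was recorded"
    print("after change:", verify_image(pinned, manifest_bytes, blobs))
```

A digest match shows the content is unchanged since the pin was recorded; who produced the image is a separate question, answered by signing that digest.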