@realdrdoug Just discovered your #selfhosting solution and it looks exciting! Apparently it is using #Docker like #CasaOS, #Tipi, etc.

Does #HomeServerHQ use Docker in rootful mode or rootless mode? Is using #podman instead supported?

#selfhost #selfhosted #DockerCommunity #DockerSecurity #LinuxSecurity #homelab

Hi DevSecOps and cyber experts!

🚨 Checkov: the DevSecOps Swiss army knife for scanning your IaC before deployment!

We often talk about "shift-left" and integrating security as early as possible, but concretely, how do you do that effectively without breaking the dev workflow? Checkov deserves a serious discussion for anyone who wants to secure their infrastructure code from the design stage.

Checkov is not just an IaC scanner; it also does software composition analysis (SCA) for container images and open source packages. That means you get a fairly complete view, from vulnerabilities to misconfigurations, all before the code even touches the environment.

👉 It covers a wide range of formats:
* Terraform
* CloudFormation
* Kubernetes
* Helm
* Kustomize
* Dockerfile
* Serverless Framework
* Bicep, OpenAPI, ARM Templates... the list is long.

In other words, whatever your IaC stack, there is a good chance Checkov integrates with it without trouble. The idea is to catch problems where they are cheapest to fix: at the moment the developer writes the code. No more surprises in prod!

A crucial point that often comes up is secret detection. Checkov covers that too: it can spot credentials and other secrets lying around in configurations. We all know how devastating an exposed secret can be. It is an essential layer of protection.

Finally, and this is often what makes the difference with this kind of tool: customization. You can adapt the security policies to your specific needs and, above all, manage the suppression of false positives. Because an alert that is too noisy is an alert that gets ignored. Having control over that is vital to keep a tool usable and relevant for the teams.

To dig deeper, the GitHub repo: https://github.com/bridgecrewio/checkov

For a more complete supply chain strategy, Checkov should be complemented by other SCA & SBOM tools: Trivy, Syft, Dependency-Track, etc., for visibility into dependencies.

There are other DevSecOps tools, and Stephane ROBERT covers them in his docs:
* SAST: https://blog.stephane-robert.info/docs/securiser/analyser-code/sast/
* DAST: https://blog.stephane-robert.info/docs/securiser/analyser-code/dast/
* SCA: https://blog.stephane-robert.info/docs/securiser/analyser-code/sca/
* Container security: https://blog.stephane-robert.info/docs/securiser/conteneurs/

Have you already tested Checkov in your CI/CD pipeline? Share your experience! What are your criteria for choosing a static analysis tool like Checkov?

#CyberSecurite #DevSecOps #CloudSecurity #Kubernetes #DockerSecurity #SCA #IaC #StaticCodeAnalysis #CloudNativeSecurity
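An added example, not from the post above or from the Checkov project: a small CI gate over Checkov's JSON report (`checkov -d . -o json`) that applies an auditable exception list, so a false positive is suppressed only with a named resource, a reason and an expiry date, and stale exceptions start blocking again. The report, the check findings and the exception entries are constructed, and the exception-file format is hypothetical (Checkov's own suppression mechanisms are `--skip-check` and inline `#checkov:skip=` comments).

```python
"""CI gate over Checkov's JSON report with an auditable exception list."""
import json
from datetime import date

# Constructed sample of `checkov -d . -o json` output, trimmed to the keys the gate uses.
SAMPLE_REPORT = json.loads("""
{
  "check_type": "terraform",
  "results": {
    "failed_checks": [
      {"check_id": "CKV_AWS_18", "check_name": "Ensure the S3 bucket has access logging enabled",
       "resource": "aws_s3_bucket.public_assets", "file_path": "/s3.tf", "file_line_range": [1, 6]},
      {"check_id": "CKV_AWS_21", "check_name": "Ensure all data stored in the S3 bucket have versioning enabled",
       "resource": "aws_s3_bucket.public_assets", "file_path": "/s3.tf", "file_line_range": [1, 6]},
      {"check_id": "CKV_AWS_21", "check_name": "Ensure all data stored in the S3 bucket have versioning enabled",
       "resource": "aws_s3_bucket.customer_data", "file_path": "/s3.tf", "file_line_range": [8, 14]}
    ]
  }
}
""")

# Hypothetical exception-file format for this example (not a Checkov format): an
# exception must name the check AND the resource, give a reason, and carry an expiry.
EXCEPTIONS = [
    {"check_id": "CKV_AWS_21", "resource": "aws_s3_bucket.public_assets",
     "reason": "static assets are rebuilt from git; versioning adds nothing", "expires": "2026-06-30"},
    {"check_id": "CKV_AWS_18", "resource": "aws_s3_bucket.public_assets",
     "reason": "old exception that was never reviewed", "expires": "2024-01-01"},
]

def triage(report, exceptions, today):
    """Split failed checks into (blocking, suppressed); an expired exception no longer suppresses."""
    today = date.fromisoformat(today)
    active = {(e["check_id"], e["resource"]) for e in exceptions
              if date.fromisoformat(e["expires"]) >= today}
    blocking, suppressed = [], []
    for finding in report["results"]["failed_checks"]:
        key = (finding["check_id"], finding["resource"])
        (suppressed if key in active else blocking).append(finding)
    return blocking, suppressed

def gate(report=SAMPLE_REPORT, exceptions=EXCEPTIONS, today=None):
    """Return the exit code for the CI step: 1 while any finding is still blocking."""
    blocking, suppressed = triage(report, exceptions, today or date.today().isoformat())
    for f in blocking:
        print(f"BLOCK {f['check_id']} {f['resource']} {f['file_path']}:{f['file_line_range'][0]}  {f['check_name']}")
    for f in suppressed:
        print(f"SKIP  {f['check_id']} {f['resource']} (documented, unexpired exception)")
    return 1 if blocking else 0
```

In a pipeline, load the real report with `json.load()` in place of `SAMPLE_REPORT` and exit with the value `gate()` returns.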

MinIO's bold strategy to solve security issues: just don't release the patch! 🤦‍♂️ Because clearly, ignoring a #CVE is the new way to handle #vulnerabilities. 🤷‍♀️ Docker users, brace yourselves for the innovative non-solution of the decade! 🚀✨
https://github.com/minio/minio/issues/21647 #MinIO #DockerSecurity #PatchStrategy #HackerNews #ngated
Docker release? · Issue #21647 · minio/minio

Hello, I did not find a new image for the security release Security/CVE RELEASE.2025-10-15T17-29-55Z, on quay.io nor DockerHub. Is it expected? If it isn’t, can you please push a new release for th...

GitHub
Exposing your home lab to the internet can open a path into your personal accounts and even your work assets.

In our latest blog post, Morgan Davis shows how to cut that risk with low-cost controls you can apply today, no enterprise tools needed. It teaches security thinking to help you reduce your attack surface and more.

📌 Read the guide here: https://www.pentestpartners.com/security-blog/hardening-your-home-lab/

#cybersecurity #homelab #selfhosting #dockersecurity #linuxsecurity #infosec

Imagine getting enterprise-grade container security without the enterprise price tag. Docker’s new catalog offers rapid 7-day patches, vetted by experts and even FedRAMP-ready—perfect for startups looking to level up their defense. Curious how?

https://thedefendopsdiaries.com/dockers-hardened-images-catalog-enterprise-grade-security-for-small-businesses/

#dockersecurity
#containersecurity
#smallbusiness
#hardenedimages
#cybersecurity
#fedramp
#devsecops
#vulnerabilitymanagement
#cloudsecurity

Docker’s Hardened Images Catalog: Enterprise-Grade Security for Small Businesses

Discover how Docker’s Hardened Images Catalog brings enterprise-grade container security to small businesses with rapid patching and compliance.

The DefendOps Diaries

Misconfigured Docker APIs are a hacker’s gateway to secret crypto-mining—thanks to Tor, stopping them is tougher than ever. Is your cloud truly secure?

https://thedefendopsdiaries.com/securing-docker-apis-navigating-the-threat-landscape/

#dockersecurity
#cybersecurity
#cloudsecurity
#cryptojacking
#tor

Why Docker’s integrity checks aren’t enough: understanding gh0stEdit and defending against hidden supply chain risks in container images. https://hackernoon.com/the-gh0stedit-attack-how-hackers-hide-in-docker-image-layers #dockersecurity
The gh0stEdit Attack: How Hackers Hide in Docker Image Layers | HackerNoon

Docker Security: Best Practices & Tips

Discover how to bolster your application's defenses against cyber threats with best practices for container security. Learn essential techniques for securing your environment and safeguarding sensitive data – vital steps for any DevOps team utilizing container technology. #DockerSecurity

https://bytetrending.com/2025/08/22/docker-security-best-practices-tips-2/?utm_source=mastodon&utm_medium=jetpack_social

Docker Security: Best Practices & Tips - ByteTrending

ByteTrending

Docker Security Best Practices & Tips

Unlock robust protection for your containerized applications with expert strategies for securing your infrastructure. Learn how to mitigate vulnerabilities and ensure a resilient environment – crucial for modern software development. #DockerSecurity

https://bytetrending.com/2025/08/21/docker-security-best-practices-tips/?utm_source=mastodon&utm_medium=jetpack_social

Docker Security Best Practices & Tips - ByteTrending

ByteTrending

A hidden backdoor in a trusted Linux tool is giving attackers a master key to root access—how did a long-time contributor manage to compromise entire Docker images and official distributions? Read on to uncover the full story.

https://thedefendopsdiaries.com/the-xz-utils-backdoor-a-critical-software-supply-chain-compromise/

#xzutils
#backdoor
#cybersecurity
#softwaresecurity
#dockersecurity

The XZ-Utils Backdoor: A Critical Software Supply Chain Compromise

Explore the XZ-Utils backdoor, a major software supply chain compromise affecting Linux distributions and Docker images.

The DefendOps Diaries