![is docker for mac safe is docker for mac safe](https://www.powermymac.com/images/uninstaller/activity-monitor-docker.png)
- #IS DOCKER FOR MAC SAFE FULL#
- #IS DOCKER FOR MAC SAFE VERIFICATION#
- #IS DOCKER FOR MAC SAFE SOFTWARE#
- #IS DOCKER FOR MAC SAFE CODE#
- #IS DOCKER FOR MAC SAFE DOWNLOAD#
#IS DOCKER FOR MAC SAFE FULL#
But for a Docker container, especially one that includes a full set of operating system tools and libraries, the "attack surface" is so much bigger.
![is docker for mac safe is docker for mac safe](https://tg.carmusiclab.com/wp-content/uploads/imga-media/10845.jpg)
#IS DOCKER FOR MAC SAFE SOFTWARE#
Arguably, closed source software could be worse in this way. Nowadays, many large enterprises do not question technical implementers who incorporate open source software. Are you sure the software is not doing something nasty, like reporting your activities to some Internet destination? This used to be a common fear of open source software. Second is the issue of the package itself.
#IS DOCKER FOR MAC SAFE DOWNLOAD#
With Docker, you don't even know the container is unaltered between publication and your download of it.
#IS DOCKER FOR MAC SAFE CODE#
So in the open source world, you don't know the code is safe, but you often know you're getting the code you're supposed to get. And even one-off projects tend to include checksums in download bundles. Good open source packaging systems today include this, at least when obtaining software from official repositories.
#IS DOCKER FOR MAC SAFE VERIFICATION#
But I think the risk of using community Docker containers is somewhat higher at present than the risks of using open source software.įirst, as you mentioned, there is no signing and verification now. In essence, I argue it is the same question as whether open source software is trustworthy. You are trading off the time needed to develop and maintain your own images, against the increased risks that someone involved in the production of the software you download will either be malicious or have made a mistake with regards to the security of the system. Of course you could audit all the dockerfiles, but then once you've done that you'd almost have been better just configuring the thing yourself !Īs to whether this is "worth the risk", I'm afraid that's a decision only you can really make. Docker is all about automating set-up of software which means that you are, to an extent, trusting all the people who made the dockerfiles to have configured them as securely as you would have liked them to.
![is docker for mac safe is docker for mac safe](https://koenig-media.raywenderlich.com/uploads/2018/10/DockerMacOS-feature.png)
I know it could sound naive, but could it be easy for someone to hide some malicious content in a container? I know that the answer is YES but I would like to know in which dimension, and if it's worth the risk. All of this is making a security audit harder. The problem is that those containers can be very complicated and have a large parent tree of other containers they can even pull some code from repositories like GitHub. When it comes to Docker, it is very convenient to use a third party container that already exist to do what we want.