Strengthening software supply chain security with Docker Scout

When container images are insecure, significant risks can arise. Around 60% of organizations have reported experiencing at least one security breach or vulnerability incident within a year, resulting in operational disruption. These incidents often result in considerable downtime, with 44% of affected companies experiencing over an hour of downtime per event. The financial impact is substantial, with the average data breach cost reaching $4.45 million. This highlights the critical importance of maintaining robust container security measures.

Docker Scout enhances container security by providing automated vulnerability detection and remediation, addressing insecure container images, and ensuring compliance with security standards.

What you'll learn

  • Define Secure Software Supply Chain (SSSC)
  • Review SBOMs and how to use them
  • Detect and monitor vulnerabilities

Tools integration

Works well with Docker Desktop, GitHub Actions, Jenkins, Kubernetes, and other CI solutions.

Who’s this for?

  • DevOps engineers who need to integrate automated security checks into CI/CD pipelines to enhance the security and efficiency of their workflows.
  • Developers who want to use Docker Scout to identify and remediate vulnerabilities early in the development process, ensuring the production of secure container images.
  • Security professionals who must enforce security compliance, conduct vulnerability assessments, and ensure the overall security of containerized applications.

Modules

  1. Why Docker Scout?

    Learn how Docker Scout can help you secure your supply chain.

  2. Demo

    Learn about Docker Scout's powerful features for enhanced supply chain security.

  3. Software supply chain security

    Learn about software supply chain security (S3C), what it means, and why it is important.

  4. Software Bill of Materials

    Learn about Software Bill of Materials (SBOM) and how Docker Scout uses it.

  5. Attestations

    Introduction to SBOM and provenance attestations with Docker Build, what they are, and why they exist.

  6. Remediation

    Learn how Docker Scout can help you improve your software quality automatically, using remediation.

  7. Common challenges and questions

    Explore common challenges and questions related to Docker Scout.