Overview
Explore the critical aspects of creating a secure supply chain for application development in this 36-minute Docker conference talk. Learn how Docker Enterprise assists developers, DevOps, and DevSecOps teams in securely building and shipping applications through the software pipeline. Dive into the platform's private registry, which uses Image Signing to ensure image source authenticity and Image Scanning to identify vulnerabilities. Discover how to automate security features through policy implementation and seamlessly integrate them into your software pipeline, creating a comprehensive audit trail. The talk covers topics such as runtime and infrastructure security, demonstrates a Jenkins Pipeline with Docker Trusted Registry, and showcases features like vulnerability view, promotion policy, webhooks, Content Trust, and SAML Single Sign-On.
Syllabus
Introduction
Introductions
Agenda
Security
Secure Software Supply Chain
Runtime Security
Infrastructure Security
Demo
Jenkins Pipeline
Docker Trusted Registry
Vulnerability View
Promotion Policy
Webhook
Enable Content Trust
Image Not Signed
Content Trust
SAML
Single Sign-On
Log Messages
Next Steps
Questions
Taught by
Docker