Docker container security

•

1 like•889 views

The document discusses security challenges and best practices for Docker containers. It outlines risks at different stages of the container lifecycle from image development to deployment. Key risks include lack of isolation, complex ecosystems, and known vulnerabilities. The document recommends practices like using linting and scanning during development, restricting resources and access controls at deployment, and signing images from trusted sources to improve container security.

Software

© 2020 ThoughtWorks
Exploring Docker
container security:
Risks and good practices
Marina Kjaer & Mónica Calderaro

Security is a
HUGE topic
© 2020 ThoughtWorks

© 2020 ThoughtWorks
The main challenges are that Containers are
complex, the lack of isolation and the
complexity of the ecosystem.

Build Ship Run
Container lifecycle
● Code Analysis
● Image Hardening
● Image Scanning
● Image signing
● Resources Control
● User Access Control
● Host and Kernel
security
● Access Controls
● Other Resources

Image Development Safety
Use a Dockerﬁle linter
Add a linter into your workﬂow to catch common
security mistakes early
Build
Ship
Run

Image Development Safety
Identify and ﬁnd any known vulnerabilities that may
be present in an image.
Docker image security scanning
Build
Ship
Run

Image Development Safety
Multistage builds
Keep your image in production a small as possible
by creating 2 or more containers. The ﬁrst one uses
all tools and libraries to build the application, the
second just runs the output from the ﬁrst.
Build
Ship
Run

Image Development Safety
Use a trusted image
Use a minimal base image
With the bare minimum that's needed for your
app, for example Distroless.
Build
Ship
Run

Image Development Safety
Choose more speciﬁc tags as opposed to latest.
Use ﬁxed tags for immutability
Build
Ship
Run

Image Development Safety
Signatures allow client-side or runtime veriﬁcation
of the integrity and publisher of speciﬁc image
tags.
Verify Images to be signed
Build
Ship
Run

Image reliability
Signing Images
Trusted sources could include Oﬃcial Docker
Images, or User trusted sources signed with Docker
Content Trust.
Build
Ship
Run

Restrict Resources
Build
Ship
Run
Set resource quotas
Resource quotas allow you to limit the amount of
memory and CPU resources that a container can
consume.

Restrict access
Role Based Access Control
Based on teams function, assigns no access, view
only, restricted control, or full control
permissions.
Build
Ship
Run

Limit Privileges
Isolate containers with a user namespace
Namespaces provide isolation for running
processes, limiting their access to system resources
without the running process being aware of the
limitations.
Build
Ship
Run

Limit Privileges
Control groups
They provide many useful metrics, but they also
help ensure that each container gets its fair share
of resources.
Build
Ship
Run

Limit Privileges
Rootless mode
Run the Docker daemon as a non-root user.
Build
Ship
Run

Protect resources
API and network security
Docker containers typically rely heavily on APIs and
networks to communicate with each other.
Build
Ship
Run

© 2020 ThoughtWorks
Demo time
© 2020 ThoughtWorks

Build Ship Run
Let’s recap
With the bare minimum and
from trusted sources
With controlled resources With the right permissions

Resources
● https://docs.docker.com/
● https://resources.whitesourcesoftware.com/blog-w
hitesource/docker-container-security-challenges-an
d-best-practices
● https://www.trendmicro.com/
● https://snyk.io/
● https://neuvector.com/
● https://containerjournal.com/
● https://www.redhat.com/en/topics/security/contain
er-security
© 2020 ThoughtWorks
● https://docs.mirantis.com/docker-enterprise/v3.0/d
ockeree-products/ucp.html
● https://sysdig.com/blog/7-docker-security-vulnerabil
itie
● https://washraf.gitbooks.io/the-docker-ecosystem/c
ontent/Chapter%201/Section%203/Control%20Grou
ps.html

Continue the
conversation on Slack
© 2020 ThoughtWorks
XConfEurope2020
xconfeurope2020.slack.com
#talk2-docker-container-security
#XConfOnline

What's hot

Azure dev ops

Vishwas N

Containers are shaping the way organizations are developing and managing applications nowadays. However, many are not always fully aware of the measures that need to be taken across the entire software development lifecycle, especially when it comes to open source security aspects. The mindset of securing our applications needs to be shifted – to continuous security. In this session, Shiri Ivstan, Product Manager at WhiteSource, will discuss: 1) the main security challenges organizations face when using containers; 2) the most common layers in a typical container deployment; and 3) 4 simple steps to build security into each layer.

From Zero to Hero: Continuous Container Security in 4 Simple Steps

DevOps.com

Hacking into your containers, and how to stop it!

Eric Smalling

Containerized Databases for Enterprise Applications Containers are now being used in organizations of all sizes. From small startups to established enterprises, data persistence is necessary in many mission critical applications. “Containers are not for database applications” is a misconception and nothing could be further from the truth. This session aims to help practitioners navigate the minefield of database containerization and avoid some of the major pitfalls that can occur. Discussion includes traditional enterprise database concerns surrounding data persistence and data security, and how they mesh with containerized deployment.

DCSF19 Containerized Databases for Enterprise Applications

Docker, Inc.

Csa container-security-in-aws-dw Video: https://youtu.be/X2Db27sAcyM This session will touch upon container security constructs and isolation mechanisms like capabilities, syscalls, seccomp and Firecracker before digging into secure container configuration recommendations, third-party tools for build- and run-time analysis and monitoring, and how Kubernetes security mechanisms and AWS security-focussed services interact.

Csa container-security-in-aws-dw

Cloud Security Alliance, UK chapter

Kubernetes security

Thomas Fricke

Docker and SDL Web/Tridion - SDL UK User Group April 2017

rsleggett

Neues aus dem Docker-Universum

Nicholas Dille

Andy has made mistakes. He's seen even more. And in this talk he details the best and the worst of the container and Kubernetes security problems he's experienced, exploited, and remediated. This talk details low level exploitable issues with container and Kubernetes deployments. We focus on lessons learned, and show attendees how to ensure that they do not fall victim to avoidable attacks. See how to bypass security controls and exploit insecure defaults in this technical appraisal of the container and cluster security landscape.

The Future of Security and Productivity in Our Newly Remote World

DevOps.com

Kubernetes - security you need to know about it

Haydn Johnson

DockerCon EU 2015: Monitoring Docker

Docker, Inc.

Docker is hot. However, as Docker container use spreads into more mature production pipelines, there can be issues about control of Docker images to ensure they are production-ready. Is a promotion-based model appropriate to control and track the flow of Docker images from development to production? We will demonstrate how to implement a promotion model for docker images, and then show how to distribute them to any kind of consumer, being it a customer or a data center.

Docker Container Lifecycles, Problem or Opportunity? by Baruch Sadogursky, JFrog

Docker, Inc.

Container Security

Amazon Web Services

Dockerized containers are the current wave that promising to revolutionize IT. Everybody is talking about containers, but a lot of people remain confused on how they work and why they are different or better than virtual machines. In this session, Black Duck container and virtualization expert Tim Mackey will demystify containers, explain their core concepts, and compare and contrast them with the virtual machine architectures that have been the staple of IT for the last decade.

Containers 101

Black Duck by Synopsys

Shifting left - How to use Continuous Integration tools to bring security into the DevOps world In today's modern software factories, organizations are shifting security to the left. No longer just the purview of firewalls, security needs to be built in during development and deployment processes. By doing so, organizations can ensure they are limiting vulnerabilities getting into production while cutting costs of both downtime and code rework. Key Takeaways: ○ How to ensure that the use of open source doesn’t introduce vulnerabilities and other security risks ○ How to automate the delivery of trusted images using a policy-driven approach ○ Empowering developers to secure their applications, while maintaining segregation of duties ○ Ensuring the consistent flow of images through the pipeline, with no side-doors or introduction of unvetted images ○ Enforcing immutability of containers, preventing container-image drift

Embacing service-level-objectives of your microservices in your Cl/CD

Nebulaworks

What is Google Cloud Good For at DevFestInspire 2021

Robert John

Container security

Anthony Chow

Networking in Docker EE 2.0 with Kubernetes and Swarm

Abhinandan P.b

Operating Docker

Jen Andre

Kubernetes Security

Karthik Gaekwad

What's hot (20)

Azure dev ops

From Zero to Hero: Continuous Container Security in 4 Simple Steps

Hacking into your containers, and how to stop it!

DCSF19 Containerized Databases for Enterprise Applications

Csa container-security-in-aws-dw

Kubernetes security

Docker and SDL Web/Tridion - SDL UK User Group April 2017

Neues aus dem Docker-Universum

The Future of Security and Productivity in Our Newly Remote World

Kubernetes - security you need to know about it

DockerCon EU 2015: Monitoring Docker

Docker Container Lifecycles, Problem or Opportunity? by Baruch Sadogursky, JFrog

Container Security

Containers 101

Embacing service-level-objectives of your microservices in your Cl/CD

What is Google Cloud Good For at DevFestInspire 2021

Container security

Networking in Docker EE 2.0 with Kubernetes and Swarm

Operating Docker

Kubernetes Security

Similar to Docker container security

Testing Docker Images Security

Jose Manuel Ortega Candel

Docker Containers Security

Stephane Woillez

Testing Docker Images Security -All day dev ops 2017

Jose Manuel Ortega Candel

Docker Security and Content Trust

ehazlett

Docker best practice про Docker, лучшие практики в написании Dockerfile, проблемы большого количества слоев (Layers) в images и подходы по оптимизации Layers в images, функционал multi-stage builds, подходы к безопастности контейнеров и Hosts системе, подходы дебагинга и мониторинга.

"Docker best practice", Станислав Коленкин (senior devops, DataArt)

DataArt

Docker best Practices

jeetendra mandal

Tips and best practices for Docker

Calidad Infotech

Presented on September 22, 2016 by Brent Baude, Principle Software Engineer, Atomic and Docker Development, Red Hat; Randy Kilmon, VP, Engineering, Black Duck Organizations are increasingly turning to container environments to meet the demand for faster, more agile software development. But a 2015 study conducted by Forrester Consulting on behalf of Red Hat revealed that 53% of IT operations and development decision makers at global enterprises reported container security concerns as a barrier to adoption. The challenges of managing security risk increase in scope and complexity when hundreds or even thousands of different open source software components and licenses are part of your application code base. Since 2014, more than 6,000 new open source security vulnerabilities have been reported, making it essential to have good visibility into and control over the open source in use in order to understand if any known vulnerabilities are present. In this webinar, experts from Red Hat and Black Duck will share the latest insights and recommendations for securing the open source in your containers, including protecting them from vulnerabilities like Heartbleed, Shellshock and Venom. You’ll learn: • Why container environments present new application security challenges, including those posed by ever-increasing open source use. • How to scan applications running in containers to identify open source in use and map known open source security vulnerabilities. • Best practices and methodologies for deploying secure containers with trust and confidence.

Contain your risk: Deploy secure containers with trust and confidence

Black Duck by Synopsys

Red Hat is helping organizations like Duke University become more efficient by delivering environmental parity for container-based applications across physical, virtual, private cloud, and public cloud environments. Red Hat delivers a comprehensive, integrated, and modular platform for containerized application delivery across the open hybrid cloud - from the OS platform, to software-defined storage, to development and deployment, and management. Through its work with Certified Cloud Service Providers like AWS, Red Hat ensures that application containers built for Red Hat Enterprise Linux can seamlessly move across public clouds. In this session, you will learn how Duke University used containers on Red Hat Enterprise Linux and AWS to combat a denial-of-service attack; how companies are using containers to increase the quality and speed of software delivery; key considerations for implementing container-based applications that can be moved across public clouds; and challenges organizations experience when using containers and how to address them. This session is sponsored by Red Hat.

(DVO311) Containers, Red Hat & AWS For Extreme IT Agility

Amazon Web Services

Testing Docker Security Linuxlab 2017

Jose Manuel Ortega Candel

In the last few years, the popularity of DevSecOps and rich cloud services have been driving the adoption of containers in the software industry. Container architectures become increasingly complex, and organizations cannot escape using them. At the same time, attackers are finding new ways of exploiting containers and container architectures. Are you still new to containerization and infrastructure as code? Do you feel that your knowledge of application security suddenly doesn’t apply to the way applications are built and deployed using containers? Do you get lost in the IaC and container terminology soup? If so, this talk will help clear things up and answer your questions. We start with an introduction into container technologies, briefly go through the key terminology, explain the value that containers bring today, and why they are so popular. Then we will talk about the challenges that DevSecOps engineers have when using contains and the security aspects that they face. This presentation includes descriptions of common container threats and real-world examples of recent attacks. These threats will guide our discussion of the typical vulnerabilities and attack vectors. We will touch on well-known standards and resources for container security, such as OWASP Docker Top 10 project, Container Security Verification Standard, NIST Application Container Security Guide, and CIS Benchmarks. And we conclude with guidelines on how to secure containers and listing best practices that most organizations follow today.

Finding Your Way in Container Security

Ksenia Peguero

Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016

Manideep Konakandla

Understanding docker ecosystem and vulnerabilities points

Abdul Khan

RSA conference poster on Docker container security

Manideep Konakandla

The presented article will target inspection of security of (un)official Docker formatted container images approaching the resulting safety of the image from two PoVs: examining image content for presence of known security flaws (vulnerability assessment), and validation if the internal software and service(s) encapsulated within the image are configured according to commonly-accepted recommendations as defined in security baselines (security hardening). Starting with reasoning why Docker images security matters, we will proceed to outline architectural concepts Docker images are based on. Subsequently compare these concepts with building blocks used by design of today's virtual machines, and point out areas (main differences) to take care of when container image security is primary concern. We will use the observations from this comparison to emphasize the need to inspect both content of container images themselves, but also the security configuration of the hosting computer in order to reach truly secure infrastructure. We will introduce the section of inspecting security of container images with providing overview of recent effort to implement image signing and verification. Afterwards we will demonstrate inspection of a concrete container image against currently known security flaws, and explain how this approach can be automated and generalized. Thereafter we will focus on examination if software and service(s) included in the container image meet commonly-known requirements for secure configuration. An illustration example how to detect e.g. an unauthorized executable in the container content will be provided. In the part dedicated to securing of the hosting computer we will show it is possible to fully automate this task too. We will conclude with sketching, where development in this area might be heading in the future (features that might be available to strengthen the security of container images even more).

OSDC 2016 - Inspecting Security of Docker formatted Container Images to find ...

NETWAYS

DevSecCon Lightning 2021- Container defaults are a hackers best friend

Eric Smalling

Are you securing your microservice architectures by hiding them behind a firewall? That works, but there are better ways to do it. This presentation recommends 11 patterns to secure microservice architectures. 1. Be Secure by Design 2. Scan Dependencies 3. Use HTTPS Everywhere 4. Use Access and Identity Tokens 5. Encrypt and Protect Secrets 6. Verify Security with Delivery Pipelines 7. Slow Down Attackers 8. Use Docker Rootless Mode 9. Use Time-Based Security 10. Scan Docker and Kubernetes Configuration for Vulnerabilities 11. Know Your Cloud and Cluster Security Blog post: https://developer.okta.com/blog/2020/03/23/microservice-security-patterns

Security Patterns for Microservice Architectures - ADTMag Microservices & API...

Matt Raible

DockerCon EU 2015: What's New with Docker Trusted Registry

Docker, Inc.

Why should developers care about container security?

Eric Smalling

With the growing popularity of Container technology comes the growth of container-based attacks – but understanding your security needs will keep you ahead of the game. Container adoption is skyrocketing, growing 40% in the last year. And it makes sense – the agility, operational efficiencies and cost savings of containerized environments are huge benefits. But as more organizations rush to leverage containers, security is increasingly becoming a major concern and is the top roadblock to container deployment. What do you need to know (and do) to keep your container environments safe?

Are Your Containers as Secure as You Think?

DevOps.com

Similar to Docker container security (20)

Testing Docker Images Security

Docker Containers Security

Testing Docker Images Security -All day dev ops 2017

Docker Security and Content Trust

"Docker best practice", Станислав Коленкин (senior devops, DataArt)

Docker best Practices

Tips and best practices for Docker

Contain your risk: Deploy secure containers with trust and confidence

(DVO311) Containers, Red Hat & AWS For Extreme IT Agility

Testing Docker Security Linuxlab 2017

Finding Your Way in Container Security

Breaking and fixing_your_dockerized_environments_owasp_appsec_usa2016

Understanding docker ecosystem and vulnerabilities points

RSA conference poster on Docker container security

OSDC 2016 - Inspecting Security of Docker formatted Container Images to find ...

DevSecCon Lightning 2021- Container defaults are a hackers best friend

Security Patterns for Microservice Architectures - ADTMag Microservices & API...

DockerCon EU 2015: What's New with Docker Trusted Registry

Why should developers care about container security?

Are Your Containers as Secure as You Think?

More from Thoughtworks

Design System as a Product - Maria Elena Duenias, Esther Butcher Design systems are a great example where web development and design meet. You can find innumerable resources on the internet, books and conferences on how to build them, and how they are exactly what your organization needs. But, building one requires a lot more than following a recipe. In this talk we are going to discuss how to build a design system as an internal product, and how it evolves to become what the users need.

Design System as a Product

Thoughtworks

Designers, Developers and Dogs: Finding the magic balance between product and tech - Charlotte Vorbeck, ShareNow and Sahil Bajaj How can an agile delivery team become a successful product team? When does collaboration between product and tech succeed and when not? Why do people in some teams inspire each other while others in the same environment don't speak the same language? In this talk we want to share our learnings and experiences from rebuilding an internal tool for customer support at ShareNow. What could have been just another boring rewrite surprisingly became one of our best experiences in collaboration. We will look at how a joint discovery phase helped us to come up with a shared vision, how a better team setup enabled us to do the necessary work, how focusing on the customer kept us aligned during our journey, and also how we built upon existing collaborative techniques to achieve this new level of cooperation and trust.

Designers, Developers & Dogs

Thoughtworks

Cloud-first for fast innovation

Thoughtworks

How to create more business impact with flexible teams - Jan Hegewald, Zalando & Rebekka Beels, Zalando Usually, Software Engineering teams are organized around a fixed set of components which they develop further and maintain. Such component teams gain a high level of expert knowledge about their services. However, with agile product development, it often is difficult to implement the most important initiatives with such teams. This leads to a situation where the teams do not work on the most relevant business topics but on those for the respective team. At Zalando, we introduced a new model where we shape teams flexibly around business goals to create the highest impact. How we organize these teams and which challenges especially for the software quality need to be addressed, will be explored in this talk.

More impact with flexible teams

Thoughtworks

Culture of Innovation

Thoughtworks

Dual-Track Agile for Discovery & Development - Adriana Katrandzhieva The talk will focus on one of the ways teams can ensure continuous delivery and design in their projects. The so-called ‘Dual-track’ model shows the parallel tracks of discovery and development throughout the product design and delivery process. These continually feedback into each other informing new hypothesis that can be tested in order to be proven/disproven. This model is not always easy to implement out of the box and so I will share my own experiences in applying it in practice - what worked, what didn't and how the model can be adjusted to fit different teams and organisational environments.

Dual-Track Agile

Thoughtworks

Designing the Developer Experience - Tanja Bach, Jacob Bo Tiedemann Working with software that some other people have built, is not only daily business for private and business users but also for developers. Just like any other product, a product for developers needs to solve their problems and focus on the right jobs-to-be-done in order to be successfully adopted by the developer community. In this talk, we will explain why the developer experience matters not only to developers but also to the business. We will share our learnings and real-world examples of how we created a developer experience for a cloud infrastructure product and an IoT platform that the developers love.

Developer Experience

Thoughtworks

When we design together - Sabrina Mach, Ammara Gafoor and James Emmott From three distinct perspectives, this talk will contend that design is an activity undertaken by everyone in a software development team. It occurs throughout the process of delivery — not only at the beginning or the end — and it is a powerful instrument for learning about and adapting to the problems our work seeks to solve, which is a shared responsibility. Making the best use of our multidisciplinary expertise in the activity of design requires forms of collaboration that are too often disrupted by the role-based silos that keep us separated and weaken the valuable contribution our diverse approaches could make to our collective efforts. If you care about accelerating time to market, improving customer experience, or building happy and productive teams, you will want to know why and how it matters that we believe ‘design is in everything that we do’.

When we design together

Thoughtworks

Hardware is hard(er): designing for distributed user experiences in IoT - Claire Rowland, www.clairerowland.com Designing connected devices and hardware-enabled services is significantly more complex than pure software. There are more devices on which code can run, connectivity and data sharing patterns to consider, and often multiple and varied touchpoints for users to interact with. Pulling this all together into a coherent experience involves strong collaboration between design and engineering, and a systems thinking approach to UX. In this talk, we’ll introduce what designers need to know about the tech, what engineers need to know about UX for IoT, and how to facilitate the whole-collaboration needed to create great products. www.clairerowland.com

Hardware is hard(er)

Thoughtworks

Customer-centric innovation enabled by cloud

Thoughtworks

Amazon's Culture of Innovation

Thoughtworks

Find out how to validate hypotheses quickly using feedback that comes from a (large enough) number of actual users interacting with your product. In this talk, we will show you the technical foundations, research techniques and organisational setup that we have used successfully on large-scale products. These will save you development time, enable you to go live with confidence, make decisions based on real behaviour instead of best guesses, and solve the actual problems your users are facing.

When in doubt, go live

Thoughtworks

As a tech leader at ThoughtWorks, a large part of my job involves recommending practices to our clients so they can build and deliver good quality software faster. In doing so repeatedly for many clients I have created a toolkit that contains practical advice from being on the ground. This is what we do, we know it works. When Julius Caesar entered Rome with his army by crossing the river Rubicon, he did something that couldn’t be undone ever again. In your journey as a leader, avoid mistakes that are difficult to correct later. Here are a set of practices that you want to adopt as soon as possible.

Don't cross the Rubicon

Thoughtworks

Handling error conditions is a core part of the software we write. However, we often treat it as a second class citizen, obscuring our intent through abuse of null values and exceptions that make our code hard to understand and maintain. In the functional programming community, it is common to use datatypes such as Option, Either or Validated to make our intentions explicit when dealing with errors. We can leverage the compiler to verify that we are handling them instead of hoping for the best at runtime. This results in code that is clearer, without hidden path flows. We’ll show how we have been doing this in Kotlin, with the help of the Arrow library.

Error handling

Thoughtworks

Your test coverage is a lie!

Thoughtworks

Mainframes handle 30 billion business transactions each day and 87% of all credit card transactions*, they are not traditionally associated with flexible, fail-fast development approaches. Can we bring the practices of agile, CI/CD and fully automated deployments to applications running on a mainframe? During our talk, we'll tell you a story about test automation; redefining the smallest testable unit of a program. And we'll discuss our learnings from introducing continuous integration and agile practices to the world of insurance and mainframes. *9 Mainframe statistics that may surprise you

Redefining the unit

Thoughtworks

Technology Radar Webinar UK - Vol. 22

Thoughtworks

A Tribute to Turing

Thoughtworks

Rsa maths worked out

Thoughtworks

Nothing is neutral, and the technology we design and build, isn’t objective. How do we ensure that what starts out as a great idea, doesn’t unintentionally (or intentionally) harm? Trolling, racially biased algorithms, surveillance capitalism, how do we assess our creations through an ethical lens so our products don’t amplify social biases? Do we need a code of ethics? How do we build ethics in our practice? In this talk Sofia explores these questions and builds on the conversations that are happening globally within the technology community. She also talks about the Responsible Tech Playbook that ThoughtWorks is building which collate ethical frameworks and explore how to use them in design and delivery of software. SPEAKER: Sofia Woods, Senior Experience Designer, ThoughtWorks Sofia has over 10 years experience solving complex problems and designing digital products, experiences and services across government, financial services, transport and the private sectors. She’s a multi-disciplined designer, experienced with the whole gamut of Human Centred Design approaches including UX research, user interface design, prototyping/ testing and can apply this approach in large scale software delivery environments. Blending human centred design with strategy and technology, she creates meaningful experiences that transform.

Do No Harm: Do Technologists Need a Code of Ethics?

Thoughtworks

More from Thoughtworks (20)

Design System as a Product

Designers, Developers & Dogs

Cloud-first for fast innovation

More impact with flexible teams

Culture of Innovation

Dual-Track Agile

Developer Experience

When we design together

Hardware is hard(er)

Customer-centric innovation enabled by cloud

Amazon's Culture of Innovation

When in doubt, go live

Don't cross the Rubicon

Error handling

Your test coverage is a lie!

Redefining the unit

Technology Radar Webinar UK - Vol. 22

A Tribute to Turing

Rsa maths worked out

Do No Harm: Do Technologists Need a Code of Ethics?

Recently uploaded

%in kempton park+277-882-255-28 abortion pills for sale in kempton park

masabamasaba

Software Quality Assurance Interview Questions

Arshad QA

In the realm of real-time applications, Large Language Models (LLMs) have long dominated language-centric tasks, while tools like OpenCV have excelled in the visual domain. However, the future (maybe) lies in the fusion of LLMs and deep learning, giving birth to the revolutionary concept of Large Action Models (LAMs). Imagine a world where AI not only comprehends language but mimics human actions on technology interfaces. For example, the Rabbit r1 device presented at CES 2024, driven by an AI operating system and LAM, brings this vision to life. It executes complex commands, leveraging GUIs with unprecedented ease. In this presentation, join me on a journey as a software engineer tinkering with WebRTC, Janus, and LLM/LAMs. Together, we’ll evaluate the current state of these AI technologies, unraveling the potential they hold for shaping the future of real-time applications.

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications

Alberto González Trastoy

Model Call Girl Services in Delhi reach out to us at 🔝 9953056974 🔝✔️✔️ Our agency presents a selection of young, charming call girls available for bookings at Oyo Hotels. Experience high-class escort services at pocket-friendly rates, with our female escorts exuding both beauty and a delightful personality, ready to meet your desires. Whether it's Housewives, College girls, Russian girls, Muslim girls, or any other preference, we offer a diverse range of options to cater to your tastes. We provide both in-call and out-call services for your convenience. Our in-call location in Delhi ensures cleanliness, hygiene, and 100% safety, while our out-call services offer doorstep delivery for added ease. We value your time and money, hence we kindly request pic collectors, time-passers, and bargain hunters to refrain from contacting us. Our services feature various packages at competitive rates: One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Full night for more than 1 person: Contact us at 🔝 9953056974 🔝. for details Operating 24/7, we serve various locations in Delhi, including Green Park, Lajpat Nagar, Saket, and Hauz Khas near metro stations. For premium call girl services in Delhi 🔝 9953056974 🔝. Thank you for considering us!

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

9953056974 Low Rate Call Girls In Saket, Delhi NCR

Test automation is a cornerstone of software development and quality assurance in today's rapidly evolving digital landscape. Its significance cannot be overstated. Businesses can enhance efficiency, productivity, and accelerate software delivery to market through automation, streamlining testing processes effectively. This comprehensive guide addresses the best practices for test automation in 2024. It offers a detailed checklist to empower you to optimize your automation efforts and maintain a competitive edge.

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf

kalichargn70th171

Investing in AI transformation today The modern business advantage: Uncovering deep insights with AI Organizations around the world have come to recognize AI as the transformative technology that enables them to gain real business advantage. AI’s ability to organize vast quantities of data allows those who implement it to uncover deep business insights, augment human expertise, drive operational efficiency, transform their products, and better serve their customers

Microsoft AI Transformation Partner Playbook.pdf

Willy Marroquin (WillyDevNET)

HR Software Buyers Guide in 2024 - HRSoftware.com

Fatema Valibhai

(Vivek)Call Us, 8448380779,Call girls in Delhi NCr – We Offer best in class call girls. escort Service At Affordable Price At low Rate with Space Night 8000 We Are One Of The Oldest Escort and Call girls Agencies in Delhi. You Will Find That Our Female Escorts Are Full Of Fun, Sexy And They Would Love Enjoy Your Company. We Have A Fantastic Selection Of Escort Ladies Available For In-Calls As Well As Out-Calls. Our Escorts Are Not Only Beautiful But All Have Great Personalities Making Them The Perfect Companion For Any Occasion. In-Call:- You Can Come At Our Place in Delhi Our place Which Is Very Clean Hygienic 100% safe Accommodation. Out-Call:- You have To Come Pick The Girl From My Place We Are Also Provide Door Step Services (Delhi Ncr, Noida, Gurgaon, Faridabad, Ghaziabad Note:- Pic Collectors Time Passers Bargainers Stay Away As We Respect The Value For Your Money Time And Expect The Same From You Hygienic:- Full Ac room And Clean Rooms Available In Hotel 24 * 7 Hourly In Delhi NCR More Details, With WhatsApp Number, +91-8448380779

Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified

Delhi Call girls

VTU technical seminar 8Th Sem on Scikit-learn

AmarnathKambale

Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts In Chinsurah ❤Personal Whatsapp Number Chinsurah Call Girls 8617697112 💦✅. Chinsurah escorts we are avaliable for our all types budget customers with offer great deals in Chinsurah.Call Now our Chinsurah escort service & call girls ... Independent call girls in Chinsurah escorts available 24 hours a day for discreet incall and outcall bookings from trusted call girls - Elis.in. Nitya salvi Chinsurah escorts service agency # Are you looking for sexy call girls ? Call our agency to get you dream independent call girl, ... One shot: ₹2000/in-call, ₹5000/out-call Two shots with one girl: ₹3500/in-call, ₹6000/out-call Body to body massage with sex: ₹3000/in-call Full night for one person: ₹7000/in-call, ₹10000/out-call Flexibility Choices and options Lists of many beauty fantasies Turn your dream into reality Perfect companionship Cheap and convenient In-call and Out-call services And many more. WhatsApp Chat: 📞 8617697112 Visit The Website : https://www.nityasalvi.com/

Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...

Nitya salvi

%in ivory park+277-882-255-28 abortion pills for sale in ivory park

masabamasaba

LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456

KiaraTiradoMicha

Define the academic and professional writing..pdf

PearlKirahMaeRagusta1

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

Shane Coughlan

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

VishalKumarJha10

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

Delhi Call girls

10 Trends Likely to Shape Enterprise Technology in 2024

Mind IT Systems

MakeMyPass" Online Bus Pass Management System illustrates the flow of activities and actions that occur within the system to accomplish specific tasks or use cases. This type of diagram focuses on representing the sequence of activities and decision points involved in a particular process. Below is an example outline and description of key elements that could be included in an Activity Diagram for the system:

BUS PASS MANGEMENT SYSTEM USING PHP.pptx

alwaysnagaraju26

Data spaces in distributed environments should be allowed to evolve in agile ways providing data space owners with large flexibility about which data they store. Agility and heterogeneity, however, jeopardize data exchanges because representations may build on varying ontologies and data consumers may not rely on the semantic correctness of their queries in the context of semantically heterogeneous, evolving data spaces. Graph data spaces are one example of a powerful model for representing and querying data whose semantics may change over time. To assert and enforce conditions on individual graph data spaces, shape languages (e.g SHACL) have been developed. We investigate the question of how querying and programming can be guarded by reasoning over SHACL constraints in a distributed setting and we sketch a picture of how a future landscape based on semantically heterogeneous data spaces might look like.

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

Steffen Staab

ManageIQ - Sprint 236 Review - Slide Deck

ManageIQ

Recently uploaded (20)

%in kempton park+277-882-255-28 abortion pills for sale in kempton park

Software Quality Assurance Interview Questions

Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications

CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf

Microsoft AI Transformation Partner Playbook.pdf

HR Software Buyers Guide in 2024 - HRSoftware.com

Sector 18, Noida Call girls :8448380779 Model Escorts | 100% verified

VTU technical seminar 8Th Sem on Scikit-learn

Chinsurah Escorts ☎️8617697112 Starting From 5K to 15K High Profile Escorts ...

%in ivory park+277-882-255-28 abortion pills for sale in ivory park

LEVEL 5 - SESSION 1 2023 (1).pptx - PDF 123456

Define the academic and professional writing..pdf

OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...

introduction-to-automotive Andoid os-csimmonds-ndctechtown-2021.pdf

call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️

10 Trends Likely to Shape Enterprise Technology in 2024

BUS PASS MANGEMENT SYSTEM USING PHP.pptx

Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...

ManageIQ - Sprint 236 Review - Slide Deck

Docker container security

5. Build Ship Run Container lifecycle ● Code Analysis ● Image Hardening ● Image Scanning ● Image signing ● Resources Control ● User Access Control ● Host and Kernel security ● Access Controls ● Other Resources

6. Image Development Safety Use a Dockerﬁle linter Add a linter into your workﬂow to catch common security mistakes early Build Ship Run

7. Image Development Safety Identify and ﬁnd any known vulnerabilities that may be present in an image. Docker image security scanning Build Ship Run

8. Image Development Safety Multistage builds Keep your image in production a small as possible by creating 2 or more containers. The ﬁrst one uses all tools and libraries to build the application, the second just runs the output from the ﬁrst. Build Ship Run

9. Image Development Safety Use a trusted image Use a minimal base image With the bare minimum that's needed for your app, for example Distroless. Build Ship Run

10. Image Development Safety Choose more speciﬁc tags as opposed to latest. Use ﬁxed tags for immutability Build Ship Run

11. Image Development Safety Signatures allow client-side or runtime veriﬁcation of the integrity and publisher of speciﬁc image tags. Verify Images to be signed Build Ship Run

12. Build Ship Run Container lifecycle ● Code Analysis ● Image Hardening ● Image Scanning ● Image signing ● Resources Control ● User Access Control ● Host and Kernel security ● Access Controls ● Other Resources

13. Image reliability Signing Images Trusted sources could include Oﬃcial Docker Images, or User trusted sources signed with Docker Content Trust. Build Ship Run

14. Restrict Resources Build Ship Run Set resource quotas Resource quotas allow you to limit the amount of memory and CPU resources that a container can consume.

15. Restrict access Role Based Access Control Based on teams function, assigns no access, view only, restricted control, or full control permissions. Build Ship Run

16. Build Ship Run Container lifecycle ● Code Analysis ● Image Hardening ● Image Scanning ● Image signing ● Resources Control ● User Access Control ● Host and Kernel security ● Access Controls ● Other Resources

17. Limit Privileges Isolate containers with a user namespace Namespaces provide isolation for running processes, limiting their access to system resources without the running process being aware of the limitations. Build Ship Run

18. Limit Privileges Control groups They provide many useful metrics, but they also help ensure that each container gets its fair share of resources. Build Ship Run

19. Limit Privileges Rootless mode Run the Docker daemon as a non-root user. Build Ship Run

20. Protect resources API and network security Docker containers typically rely heavily on APIs and networks to communicate with each other. Build Ship Run

22. Build Ship Run Let’s recap With the bare minimum and from trusted sources With controlled resources With the right permissions

23. Resources ● https://docs.docker.com/ ● https://resources.whitesourcesoftware.com/blog-w hitesource/docker-container-security-challenges-an d-best-practices ● https://www.trendmicro.com/ ● https://snyk.io/ ● https://neuvector.com/ ● https://containerjournal.com/ ● https://www.redhat.com/en/topics/security/contain er-security © 2020 ThoughtWorks ● https://docs.mirantis.com/docker-enterprise/v3.0/d ockeree-products/ucp.html ● https://sysdig.com/blog/7-docker-security-vulnerabil itie ● https://washraf.gitbooks.io/the-docker-ecosystem/c ontent/Chapter%201/Section%203/Control%20Grou ps.html

Docker container security

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Docker container security

Similar to Docker container security (20)

More from Thoughtworks

More from Thoughtworks (20)

Recently uploaded

Recently uploaded (20)

Docker container security