Understanding the Security Risks and Benefits of Docker

Docker is a new type of application platform, and it has been built with a strong focus on security. You can package an existing application as a Docker image, run it in a Docker container, and get significant security benefits without changing any code.

A .NET 2.0 WebForms app currently running on Windows Server 2003 will happily run under .NET 4.7 in a Windows container based on Windows Server Core 2019 with no code changes: an immediate upgrade that applies 16 years of security patches! There are still huge numbers of Windows applications running on Server 2003, which is out of support, or Server 2008, which will shortly be out of support. Moving to Docker is a great way to bring those apps onto a modern technology stack.

Security in Docker encompasses a wide range of topics, which I will cover in this chapter. I'll explain the security aspects of containers and images, the extended features in Docker Trusted Registry (DTR), and the secure configuration of Docker in swarm mode.

In this chapter I'll look at some of the internals of Docker to show how security is implemented. I'll cover:

  • Understanding container security
  • Securing applications with secure Docker images
  • Securing the software supply chain with DTR
  • Understanding security in swarm mode
