Introduction to Container 101
I recently started learning about container security. And here is the first blog.
What is a Container?
When you hear "containers", you probably think of Docker. Docker, launched in 2013 as an open-source container runtime, is the most popular container technology. But apart from Docker, there are alternatives such as rkt, Hyper-V, and LXC.
A container is a technology that packages up source code, dependencies, and configurations.
A container image is a standalone, lightweight, executable software package containing everything needed to run an application. A container image becomes a container at runtime.
Difference Between Virtual Machines and Containers?
What are the benefits of Containers?
- Less overhead:- Containers need fewer system resources than traditional or hardware virtual machine environments because they don't include operating system images.
- Increased portability:- Applications running in containers can be deployed easily to multiple different operating systems and hardware platforms.
- More consistent operation:- DevOps teams know applications in containers will run the same, no matter where they're deployed.
- Greater efficiency:- Containers allow applications to be deployed, patched, or scaled more quickly.
- Better application development:- Containers support agile and DevOps efforts to accelerate development, test, and production cycles.
How to Secure Containers?
Several tools can help us secure Docker containers:-
- Hadolint:- A smarter Dockerfile linter that helps you build best-practice Docker images. The linter parses the Dockerfile into an AST and applies rules on top of the AST.
- Docker-bench-security:- A script that checks for dozens of common best practices around deploying Docker containers in production.
- Dockscan: A security vulnerability scanner with a low number of commits
- Batten: An auditing toolkit similar to Docker Bench, but with inactive support
- BlackDuck Docker security: A container image security scanning tool built as a web service.
- Inspec: An auditing and testing framework with Docker container testing capabilities
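The parse-then-apply-rules approach described for Hadolint above can be sketched in a few lines. This is an added example, not Hadolint's code or rule set: the rule names, the sample Dockerfile, and the restriction to single-stage Dockerfiles are assumptions made for illustration.

```python
# Constructed sample Dockerfile for this example (not from the original post).
SAMPLE = """\
# build stage
FROM ubuntu:latest
RUN apt-get update && \\
    apt-get install -y curl
ADD https://example.com/app.tar.gz /opt/app
USER root
"""

def parse(text):
    """Parse a Dockerfile into a flat AST: [(line_no, INSTRUCTION, args), ...]."""
    nodes, buf, start = [], "", 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank lines and comments
        start = start if buf else no      # remember where the instruction began
        if line.endswith("\\"):           # continuation: keep accumulating
            buf += line[:-1] + " "
            continue
        instr, _, args = (buf + line).partition(" ")
        nodes.append((start, instr.upper(), args.strip()))
        buf = ""
    return nodes

def rule_pinned_base(nodes):
    """FROM should name an explicit tag or digest, not a missing tag or 'latest'."""
    for no, args in ((n, a) for n, i, a in nodes if i == "FROM"):
        image = next((t for t in args.split() if not t.startswith("--")), "")
        last = image.rsplit("/", 1)[-1]   # ignore a registry host:port prefix
        if image != "scratch" and "@" not in last and last.partition(":")[2] in ("", "latest"):
            yield (no, "pinned-base", f"base image '{image}' is not pinned to a version")

def rule_add_url(nodes):
    """ADD with a URL pulls remote content into the image at build time."""
    for no, instr, args in nodes:
        if instr == "ADD" and "://" in args:
            yield (no, "add-url", "ADD fetches a remote URL; download and verify it explicitly")

def rule_non_root(nodes):
    """The last USER in the file decides who the container runs as (default: root)."""
    users = [(no, args) for no, instr, args in nodes if instr == "USER"]
    if not users or users[-1][1].split(":")[0] in ("root", "0"):
        yield (users[-1][0] if users else 0, "non-root", "container will run as root")

def lint(text):
    nodes = parse(text)
    return sorted(f for rule in (rule_pinned_base, rule_add_url, rule_non_root) for f in rule(nodes))
```

Calling `lint(SAMPLE)` returns one finding per rule as `(line, rule, message)` tuples; a Dockerfile with a pinned base image, `COPY` instead of a remote `ADD`, and a non-root `USER` returns an empty list.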
References:-
https://www.docker.com/resources/what-container
https://www.netapp.com/blog/containers-vs-vms/
Hope you liked this blog. Please let me know what I should write about or what I should change in my blogs.