container-security

Resources for the O'Reilly Container Security book

View the Project on GitHub lizrice/container-security

🔐 Container Security 🔐 - 2nd edition out now!

Table of Contents

  1. Container Security Threats
  2. Linux System Calls, Permissions and Capabilities
  3. Control Groups
  4. Container Isolation
  5. Virtual Machines
  6. Container Images
  7. Supply Chain Security
  8. Software Vulnerabilities in Images
  9. Infrastructure as Code and GitOps
  10. Strengthening Container Isolation
  11. Breaking Container Isolation
  12. Container Network Security
  13. Securely Connecting Components
  14. Passing Secrets to Containers
  15. Container Runtime Protection
  16. Containers and the OWASP Top 10

Code examples

This repo contains some code examples to accompany the book. You can run them in O’Reilly’s sandbox environment or use your own Linux machine or virtual machine. I have tested them on macOS using Lima running an Ubuntu 24.04 LTS distribution, with the provided lima.yaml file:

limactl start --name=ubuntu24-04 lima.yaml

By default Lima now installs Docker in rootless mode, but for demonstration purposes I have left it in the traditional rootful mode.

References

If you have the print edition of the book, URLs are tedious to type in, so I have included links under a References section for each chapter.

Suggestions, corrections and feedback

Please report any issues, corrections or ideas for the next edition on GitHub.