Docker

A few days ago, Docker published an article on LinkedIn about a new tool called Docker Sandboxes (sbx). The pitch is simple: run AI coding agents in fully autonomous mode, without worrying about them touching your host machine. I read it and decided to install it on my MacBook Pro M4 (32 GB RAM) and test it for real. Not to read the documentation and summarize it, but to actually break things, observe what happens, and verify the security claims hands-on. ...

I’ve already touched the hardened images theme in the past talking how this theme is important in today’s world. Reducing the attack surface of our containers is not just a “nice to have” anymore; it is a fundamental requirement for a secure software supply chain. In an era where vulnerabilities can be exploited within hours of disclosure, starting with a secure base is half the battle. That is why the recent move by Docker is so significant. ...

In my last few years as a Team Leader DevSecOps, I’ve spent a significant amount of time helping customers, mostly in the financial sector, navigate the complexities of cloud-native security. I have seen companies invest heavily in state-of-the-art runtime protection, CNAPPs, and sophisticated CI/CD security gates. Yet, a familiar pattern emerges time and again: the moment security teams start looking at vulnerability reports, chaos ensues. The numbers are just too high to handle, creating a paralyzing sense of alert fatigue. ...

As I wrote in my last post, CyberArk Conjur is an enterprise secrets manager. , CyberArk Conjur is an enterprise secrets manager. In this post, I’ll provide an architecture overview along with the main system requirements. Conjur is currently available in two versions: Enterprise and open source (known as OSS). A “cloud” version will be available soon, offered as a SaaS solution. This post focuses on the Enterprise version, which is similar but not identical to the OSS version. ...