hey all,

I'm a software engineer thinking about using Docker in my deployment process at a large company. I was wondering if this has any security implications?

Normally a developer checks in code, which is reviewed, and my automated build deploys it on all my servers.

Now with Docker I deploy a container, which I could infect with extra software, or with code I manipulated.

Isn't this a huge security flaw?
Your container should be built by an automated process as part of a continuous deployment setup, just like your automated build, so I don't see the difference.
You could just as well infect all your code with extra software; I fail to see how introducing Docker would change anything.

Of course, you should consider deploying containers only from your own private registry, and vetting any third-party container before uploading it to your own registry as well.
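One way to enforce the "only from your own private registry" rule that the answer recommends, as an added example that is not part of the original thread or anyone's posted code: a small POSIX shell CI gate that reads the FROM instructions of a Dockerfile and rejects the build unless every base image is pulled from the private registry and pinned to an immutable sha256 digest. The registry hostname, the sample Dockerfiles and the digests are all constructed for the example.

```shell
#!/bin/sh
# Added example, not from the original thread: a CI gate that refuses to
# build a Dockerfile unless every base image is (a) pulled from the team's
# own private registry and (b) pinned to a sha256 digest, so a retagged or
# tampered upstream image cannot slip into the build unnoticed.
# The registry hostname below is an assumption made for the example.

PRIVATE_REGISTRY="registry.internal.example.com"

# list_violations FILE REGISTRY
# Prints one line per problem found in the FROM instructions of FILE.
list_violations() {
    file="$1"
    registry="$2"
    grep -i '^[[:space:]]*FROM[[:space:]]' "$file" | {
        aliases=" "                      # names of earlier build stages
        while read -r line; do
            set -- $line                 # word-split the instruction
            shift                        # drop the FROM keyword
            while [ $# -gt 0 ]; do       # skip flags such as --platform=...
                case "$1" in --*) shift ;; *) break ;; esac
            done
            image="$1"
            stage=""
            if [ "$2" = "AS" ] || [ "$2" = "as" ]; then stage="$3"; fi
            case "$image" in
                scratch) ;;              # empty base image, nothing is pulled
                *)
                    case "$aliases" in
                        *" $image "*) ;; # refers to an earlier build stage
                        *)
                            # Anything else, including ${VAR} references the
                            # gate cannot resolve, must come from our registry.
                            case "$image" in
                                "$registry"/*) ;;
                                *) echo "$file: $image: base image is not from $registry" ;;
                            esac
                            # A tag can be re-pointed; a digest is content-addressed.
                            if ! printf '%s\n' "$image" | grep -Eq '@sha256:[0-9a-f]{64}$'; then
                                echo "$file: $image: base image is not pinned to a sha256 digest"
                            fi ;;
                    esac ;;
            esac
            if [ -n "$stage" ]; then aliases="$aliases$stage "; fi
        done
    }
}

# check_dockerfile FILE [REGISTRY]
# Prints the violations and returns 1 if there are any, 0 otherwise.
check_dockerfile() {
    out=$(list_violations "$1" "${2:-$PRIVATE_REGISTRY}")
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
        return 1
    fi
    return 0
}

# Constructed sample Dockerfiles; the digests are placeholders, not real images.
DIGEST_A="0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef"
DIGEST_B="fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210"
SAMPLE_DIR=$(mktemp -d)
GOOD="$SAMPLE_DIR/good.Dockerfile"
BAD="$SAMPLE_DIR/bad.Dockerfile"
cat > "$GOOD" <<EOF
FROM --platform=linux/amd64 $PRIVATE_REGISTRY/base/python:3.12@sha256:$DIGEST_A AS builder
COPY . /src
RUN pip install /src
FROM $PRIVATE_REGISTRY/base/python-slim:3.12@sha256:$DIGEST_B
COPY --from=builder /app /app
FROM builder AS test
RUN pytest
EOF
cat > "$BAD" <<EOF
FROM python:3.12
FROM $PRIVATE_REGISTRY/base/python-slim:3.12
FROM scratch
EOF

# Stand-alone demo: the good file passes, the bad one is rejected with reasons.
check_dockerfile "$GOOD" && echo "$GOOD: OK"
check_dockerfile "$BAD" || echo "$BAD: REJECTED"
```

The gate fails closed: a `FROM ${BASE}` that it cannot resolve is reported as not coming from the registry rather than waved through, and `scratch` and earlier build stages are the only images exempted from the check. It complements the vetting step in the answer rather than replacing it; the digest pin only guarantees that the build uses exactly the image that was vetted and pushed to the private registry, not that the vetting was thorough.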