Finding leaked credentials in Docker images - How to secure your Docker images

Science and technology

Docker can be a blind spot for security. In this video we look at leaked credentials inside Docker images. We evaluate how secrets like API keys and certificates are leaked into Docker images, how we can detect them and how we can protect our own images.
Resources:
Research into leaked credentials in docker images: blog.gitguardian.com/hunting-...
Dive, tool to view docker images: github.com/wagoodman/dive
GG-Shield, tool to scan docker images: github.com/GitGuardian/ggshield
GitGuardian, Secrets detection solution: dashboard.gitguardian.com
Cheatsheet, protecting docker images: blog.gitguardian.com/how-to-i...
Intro: 0:00
What are secrets: 0:49
What is docker: 2:10
Inside docker images: 3:24
Examples of leaked secrets: 5:19
How secrets leak in docker images: 7:08
Docker security research: 10:00
Scanning Docker for secrets: 11:40
Wrap-up: 16:41

Comments: 9

  • @RABWA333
    2 years ago

    this video should be 100K, one more sub here +1, quality + voice + resolution, sound. clean, what more we need. thanks a lot, totally new useful info which helps a lot in real life scenario. please video on using Buildkit for build images, regards

  • @virtualizeeverything
    8 months ago

    thank you for talking about this, this has given me more to think about when building my projects

  • @johnarrington6292
    2 years ago

    Excellent presentation, thanks!

  • @calfolkionized
    1 year ago

    Super helpful, thank you! (I'm the 800th subscriber! 😛 This channel deserves much more love and views!)

  • @GitGuardian
    1 year ago

    Thanks a lot!

  • @waytospergtherebro
    2 years ago

    What if I named my password-containing environment variable `CORNFLAKES_FOR_YOU` and the value was not a hash of any kind? Is your little tool going to know that it shouldn't be there?

  • @ronny584
    1 year ago

    Interestingly GGShield doesn't detect my Flask .env credentials even when I don't even remove the file. IDK what's the reason here.

  • @GitGuardian
    1 year ago

    We need a little more information but happy to look into it. You can always email us at support[at]gitguardian.com.
