- Read on O'Reilly
- Support independent bookshops by ordering from Bookshop.org
- Or order from your local bookshop
- Second edition: ISBN 9798341627673
- First edition: ISBN 9781492056706
- Buy from Amazon
- Container Security Threats
- Linux System Calls, Permissions and Capabilities
- Control Groups
- Container Isolation
- Virtual Machines
- Container Images
- Supply Chain Security
- Software Vulnerabilities in Images
- Infrastructure as Code and GitOps
- Strengthening Container Isolation
- Breaking Container Isolation
- Container Network Security
- Securely Connecting Components
- Passing Secrets to Containers
- Container Runtime Protection
- Containers and the OWASP Top 10
This repo contains some code examples to accompany the book. You can run them in O'Reilly's sandbox environment or use your own Linux machine or virtual machine. I have tested them on macOS using Lima running an Ubuntu 24.04 LTS distribution, with the provided lima.yaml file:
```sh
limactl start --name=ubuntu24-04 lima.yaml
```
By default Lima now installs Docker in rootless mode, but for demonstration purposes I have left it in the traditional rootful mode.
If you have the print edition of the book, URLs are tedious to type in, so I have included links under a References section for each chapter.
Please report any issues, corrections or ideas for the next edition on GitHub.