Containers are a standardized form of software composed of packages of code with all their dependencies mapped carefully. They contain everything required to run applications: code, runtime, tools, libraries, settings, and more are all held within the container. This block of software runs on top of an OS as designed, regardless of the environment. Developers can therefore use containers like Lego blocks to deliver systems faster and applications with more agility. They have the advantage of being even more portable than virtual machines (VMs) and requiring fewer resources.
There is constant development work and plenty of news in the container engine space. Below are just a few of the latest news highlights and trends:
Docker is the original commercial container engine. But it hasn’t rested on its laurels. Most recently it acquired Atomist to enhance security. Atomist provides visibility and control across the software supply chain — without disrupting existing workflows and tools. It protects against unwittingly shipping changes that expose users to risk.
“Integrating this into Docker will be invaluable in helping developers shift left on security as they create their applications while satisfying DevSecOps teams,” said Docker CEO Scott Johnston.
Just a few weeks before the Atomist acquisition, Docker also added Tilt, the maker of a development environment as code for teams on Kubernetes. The aim is to use this to reduce the pains of microservice development within Docker.
“Tilt helps developers building apps for Kubernetes get their jobs done faster,” said Johnston. “Integrating Tilt’s features, including live updates and shareable, reproducible development environments, into Docker Desktop will increase development team collaboration and accelerate their release cadence.”
Microsoft has recently introduced a number of container upgrades as part of its Windows Server 2022 platform. For example, Windows containers can now maintain a virtualized time zone configuration separate from the host. It also fixed several issues in its container engine that users were complaining about. These included:
Oracle Container Engine for Kubernetes is an Oracle-managed container orchestration service. It is designed to reduce the time and cost to build modern cloud native applications. The vendor provides the Container Engine for Kubernetes as a free service that can run on higher-performance, lower-cost compute platforms.
One of the most recent developments for this container engine is the Oracle Cloud Infrastructure (OCI) Service Operator for Kubernetes (OSOK). This open source add-on allows Kubernetes users to manage OCI resources such as the Autonomous Database service and the MySQL Database service using a Kubernetes API. As a result, it becomes easier to create, manage, and connect to OCI resources from a Kubernetes environment and using Kubernetes tooling.
The various container platforms such as Docker and Kubernetes include some native security controls. But as with cloud security, the safeguarding of containers has given rise to many different security tools and approaches. Containerized application development often takes advantage of third-party software components that may have vulnerabilities. As a result, containers are susceptible to rogue processes that bypass the isolation that containers are supposed to provide, which opens the door to unauthorized access to other container images. If the container image itself includes a vulnerability, it can then be deployed unwittingly in applications. And then there are misconfigured permissions that could be abused by an attacker.
Thus, there is a lot of attention on container security these days. The leading vendors and open-source flavors of container technology have all issued upgrades that enhance security. As container usage spreads, expect these engines to include even more built-in security features.
Aqua Security, for example, has been steadily increasing the geographies that can be served by its SaaS services. In addition, it recently released its runtime security service for Red Hat OpenShift on IBM Power Systems. The Aqua platform provides visibility into hybrid clouds. It can detect and prioritize risk, provide supply chain protection, and mitigate attacks on containerized workloads without having to stop them. Recent feature additions include enforcement of container immutability, the ability to scan Red Hat OpenShift hosts running on the IBM Power 10 architecture and find any malware and vulnerabilities, as well as network segmentation enforcement and compliance, and monitoring of file integrity.
Enterprise Storage Forum offers practical information on data storage and protection from several different perspectives: hardware, software, on-premises services and cloud services. It also includes storage security and deep looks into various storage technologies, including object storage and modern parallel file systems. ESF is an ideal website for enterprise storage admins, CTOs and storage architects to reference in order to stay informed about the latest products, services and trends in the storage industry.