Cloud and Datacenter Management Blog

Microsoft Hybrid Cloud blogsite about Management



FREE Hardened Docker images is the New Security Baseline for Developers and Business

The Rise of Free Hardened Docker Images: A New Security Baseline for Developers and DevOps

Containerization has become the backbone of modern software delivery. But as adoption has exploded, so has the attack surface. Vulnerable base images, outdated dependencies, and misconfigured runtimes have quietly become some of the most common entry points for supply‑chain attacks.

The industry has been asking for a better baseline—something secure by default, continuously maintained, and frictionless for teams to adopt. And now we’re finally seeing it: free hardened Docker images becoming widely available from major vendors and open‑source security communities.

This shift isn’t just a convenience upgrade. It’s a fundamental change in how we think about container security.

Why Hardened Images Matter More Than Ever

A “hardened” image isn’t just a slimmer version of a base OS. It’s a container that has been:

  • Stripped of unnecessary packages
    Fewer binaries = fewer vulnerabilities.
  • Built with secure defaults
    Non‑root users, locked‑down permissions, and minimized attack surface.
  • Continuously scanned and patched
    Automated pipelines ensure CVEs are fixed quickly.
  • Cryptographically signed
    So you can verify provenance and integrity before deployment.
  • Aligned with compliance frameworks
    CIS Benchmarks, NIST 800‑190, and other standards are increasingly baked in.

For developers, this means fewer surprises during security reviews. For DevOps teams, it means fewer late‑night patch cycles and fewer emergency rebuilds.

What’s New About the Latest Generation of Free Hardened Images

The newest wave of hardened images goes far beyond the “minimal OS” approach of the past. Here’s what’s changing:

  1. Hardened Language Runtimes

We’re seeing secure-by-default images for:

  • Python
  • Node.js
  • Go
  • Java
  • .NET
  • Rust

These images often include:

  • Preconfigured non‑root users
  • Read‑only root filesystems
  • Mandatory access control profiles
  • Reduced dependency trees

  2. Automated SBOMs (Software Bills of Materials)

Every image now ships with a machine‑readable SBOM.
This gives you:

  • Full visibility into dependencies
  • Faster vulnerability triage
  • Easier compliance reporting

SBOMs are no longer optional—they’re becoming a standard part of secure supply chains.

  3. Built‑in Image Signing and Verification

Tools like Sigstore Cosign, Notary v2, and Docker Content Trust are now integrated directly into image pipelines.

This means you can enforce:

  • “Only signed images may run” policies
  • Zero‑trust container admission
  • Immutable deployment guarantees

  4. Continuous Hardening Pipelines

Instead of waiting for monthly rebuilds, hardened images are now updated:

  • Daily
  • Automatically
  • With CVE‑aware rebuild triggers

This dramatically reduces the window of exposure for newly discovered vulnerabilities.

Read the complete blogpost about a Safer Container Ecosystem with Docker: Free Docker Hardened Images here



Docker Desktop Container Images and Azure Cloud App Services

Docker Desktop and Azure App Cloud Services

Expanded Architecture: Docker developer environment with Azure Cloud Services.

Development Environment

  • Docker Desktop + Tools: Visual Studio Code, Azure CLI, Docker Scout, AI, MCP
  • Docker Scout CLI: Compares image versions, detects CVEs, integrates with pipelines

Container Host (Windows Server 2025 Core)

  • Hyper-V Isolated Containers: For enhanced security
  • Workloads: Microservices, legacy apps, AI containers
  • GitOps Operator: Automated deployment via Git repositories
  • Azure Arc Agent: Connects on-prem host to Azure Control Plane

Here you find more information about Docker on Windows Server 2025 Core

Your Windows 11 Laptop with Docker Desktop

☁️ Azure Cloud Integrations

Component | Function
Azure App Service (Docker) | Hosts web apps as Docker containers with autoscaling and Key Vault integration
Azure DevOps + Pipelines | CI/CD for image build, scan, push, and deployment
Azure Copilot Security | AI-driven security recommendations and policy analysis
Azure Container Registry (ACR) | Secure storage and distribution of container images
Azure Key Vault | Secrets management: API keys, passwords, certificates
Microsoft Defender for Cloud | Runtime protection, image scanning, threat detection
Azure Policy & RBAC | Governance and access control
Azure Monitor + Sentinel | Logging, metrics, threat detection
Azure Update Manager | Hotpatching of Windows and container images without reboot

More information on Strengthening Container Security with Docker Hardened Images and Azure Container Registry

DevSecOps Workflow

  1. Build & Harden Image → Dockerfile + SBOM
  2. Scan with Docker Scout → CLI or pipeline
  3. Push to ACR → With signing and RBAC
  4. Deploy via Azure DevOps Pipelines → App Service or Arc-enabled host
  5. Inject Secrets via Key Vault → Automatically at runtime
  6. Monitor & Patch → Azure Monitor + Update Manager
  7. Audit & Alerting → Azure Sentinel + Defender
  8. Security Guidance → Copilot Security analyzes policies and offers recommendations

Example of Deploying a custom container to Azure App Service with Azure Pipelines

Microsoft Azure App Service is really scalable for Docker App Solutions:

Azure App Service is designed to scale effortlessly with your application’s needs. Whether you’re hosting a simple web app or a complex containerized microservice, it offers both vertical scaling (upgrading resources like CPU and memory) and horizontal scaling (adding more instances). With built-in autoscaling, you can respond dynamically to traffic spikes, scheduled workloads, or performance thresholds—without manual intervention or downtime.

From small startups to enterprise-grade deployments, App Service adapts to demand with precision, making it a reliable platform for modern, cloud-native applications.

Scale Up Features and Capacities: Learn how to increase CPU, memory, and disk space by changing the pricing tier

Enable Automatic Scaling (Scale Out): Configure autoscaling based on traffic, schedules, or resource metrics

Per-App Scaling for High-Density Hosting: Scale individual apps independently within the same App Service Plan

Conclusion

For modern developers, the combination of Azure App Services and Docker Desktop offers a powerful, flexible, and scalable foundation for building, testing, and deploying cloud-native applications.

  • Developers can build locally with Docker, ensuring consistency and portability.
  • Then deploy seamlessly to Azure App Services, leveraging its cloud scalability and integration.
  • This workflow reduces configuration drift, accelerates testing cycles, and improves team collaboration.



Docker Scout, stripped down: comparing what changed and securing what matters (CLI only)

Docker Scout version 1.18.2

There’s a quiet moment after every deploy where you ask yourself: what actually changed? Not just the feature—you know that—but the stuff beneath it. Packages. Base images. Vulnerabilities that slipped in while you were busy shipping. Docker Scout’s CLI gives you the flashlight for that dark room. No dashboards. No detours. Just commands, signal, and the truth.

In July 2025 I wrote a blogpost about Docker Scout for Vulnerability management of Containers and remediation

Docker Scout Compare is quite significant for container security, especially in modern DevSecOps workflows. Here’s why it matters:

🔍 What Docker Scout Compare Does

  • Image Comparison: It analyzes two Docker images—typically a new build vs. a production version—and highlights differences in vulnerabilities, packages, and policies.
  • Security Insights: It identifies newly introduced CVEs (Common Vulnerabilities and Exposures), changes in package versions, and policy violations between image versions.
  • SBOM Integration: It uses Software Bill of Materials (SBOMs) to trace dependencies and match them against vulnerability databases.

🛡️ Why It’s Important for Security

  • Proactive Risk Management: By comparing images before deployment, teams can catch regressions or newly introduced vulnerabilities early.
  • Supply Chain Transparency: Helps track changes across the container supply chain, which is crucial for preventing issues like Log4Shell.
  • CI/CD Integration: Fits seamlessly into automated pipelines, ensuring every image update is vetted for security before release.

⚙️ Key Features That Boost Its Value

Feature | Benefit
Continuous vulnerability scanning | Keeps your images secure over time, not just at build time
Filtering options | Focus on critical or fixable CVEs, ignore unchanged packages, etc.
Markdown/Text reports | Easy to integrate into documentation or dashboards
Multi-stage build analysis | Understand security across complex Dockerfiles

🧠 Bottom Line

If you’re serious about container security, Docker Scout Compare isn’t just helpful—it’s becoming essential. It gives developers and security teams a clear view of what’s changing and whether those changes introduce risk.

The heart of change: compare old vs new, precisely

You built a new image. What did you add? What did you remove? What got better—or worse?
Here are some Docker Scout compare CLI commands:

# Compare prod vs new build
docker scout compare --to myapp:prod myapp:sha-123

# Focus on meaningful risk changes (ignore base image CVEs)
docker scout compare --to myapp:prod myapp:sha-123 --ignore-base

# Show only high/critical that are fixable
docker scout compare --to myapp:prod myapp:sha-123 --only-severity high,critical --only-fixed

# Fail when security gets worse (perfect for CI)
docker scout compare --to myapp:prod myapp:sha-123 --exit-on vulnerability
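
What an image comparison boils down to at the SBOM level, as an added example (not Docker Scout's code and not from the original post): diff the package sets of two SPDX documents and flag every copy of a package that is still below a fixed version. The SBOM fragments are constructed, the function names are hypothetical, and the version parser handles plain dotted numbers only.

```python
import json
import re

# Constructed SPDX 2.3 fragments (only the fields used here), standing in for
# the SBOMs of a production image and a new build. Versions other than the
# requests 2.32.3 -> 2.32.4 fix are made up for the example.
OLD_SBOM = json.loads("""{"spdxVersion": "SPDX-2.3", "packages": [
  {"name": "requests", "versionInfo": "2.32.3"},
  {"name": "urllib3",  "versionInfo": "2.2.2"},
  {"name": "pip",      "versionInfo": "24.0"}]}""")
NEW_SBOM = json.loads("""{"spdxVersion": "SPDX-2.3", "packages": [
  {"name": "requests", "versionInfo": "2.32.3"},
  {"name": "requests", "versionInfo": "2.32.4"},
  {"name": "urllib3",  "versionInfo": "2.2.2"},
  {"name": "pip",      "versionInfo": "25.1"}]}""")


def package_versions(spdx_doc):
    """Map package name -> set of versions; one name may occur more than once."""
    found = {}
    for pkg in spdx_doc.get("packages", []):
        found.setdefault(pkg["name"].lower(), set()).add(pkg.get("versionInfo", ""))
    return found


def diff_sboms(old_doc, new_doc):
    """Added, removed and changed packages between two SBOMs."""
    old, new = package_versions(old_doc), package_versions(new_doc)
    return {
        "added": {n: sorted(new[n]) for n in sorted(new.keys() - old.keys())},
        "removed": {n: sorted(old[n]) for n in sorted(old.keys() - new.keys())},
        "changed": {n: (sorted(old[n]), sorted(new[n]))
                    for n in sorted(old.keys() & new.keys()) if old[n] != new[n]},
    }


def version_key(version):
    """Simplified ordering for dotted numeric versions (not full PEP 440)."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def still_below_fix(spdx_doc, fixed_in):
    """Every (name, version) copy that is older than its fixed version."""
    hits = []
    for name, versions in package_versions(spdx_doc).items():
        if name in fixed_in:
            floor = version_key(fixed_in[name])
            hits += [(name, v) for v in sorted(versions) if version_key(v) < floor]
    return sorted(hits)


if __name__ == "__main__":
    print(json.dumps(diff_sboms(OLD_SBOM, NEW_SBOM), indent=2))
    # An upgrade that installs a second copy leaves the old one in the image.
    print(still_below_fix(NEW_SBOM, {"requests": "2.32.4"}))
```

Keying the diff on sets of versions rather than a single version per name is what exposes the case where an upgrade adds a second copy of a package and the vulnerable one stays in the image.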

Here you find more about Docker Scout Compare 🐳

In my case I will do a Docker Scout compare between these two images:

docker scout compare --to azure-cli-patched:latest mcr.microsoft.com/azure-cli:azurelinux3.0

Compare results between the two images.

Compare results between the two images, here you see the Fixed vulnerability differences.

Conclusion

🔐 Final Thoughts: Docker Scout Compare CLI & Security

In today’s fast-paced development landscape, security can’t be an afterthought—it must be woven into every stage of the software lifecycle. Docker Scout Compare CLI empowers teams to do just that by offering a clear, actionable view of how container images evolve and what risks they may introduce. Its ability to pinpoint new vulnerabilities, track dependency changes, and integrate seamlessly into CI/CD pipelines makes it a vital tool for modern DevSecOps.

By embracing Docker Scout Compare, organizations move from reactive patching to proactive prevention—turning container security from a bottleneck into a strategic advantage. 🚀



Docker Scout for Vulnerability management of Containers and remediation

I have installed the latest Docker Desktop for Windows version 4.43.2

In today’s cloud-native world, container security is not a luxury—it’s a mission-critical requirement. With the release of Azure Linux 3.0, Microsoft has reinforced its dedication to performance, flexibility, and security. But no matter how polished the host OS is, containers themselves can still be riddled with vulnerabilities, bloated layers, or sneaky outdated dependencies. That’s where Docker Scout and Open Source tool Dive come into play.

Docker Scout: Intelligence at Your Fingertips

Docker Scout introduces vulnerability detection into your CI/CD pipeline. For Azure Linux 3.0 containers, this means:

  • Real-Time Vulnerability Scanning: Scout analyzes your container image (including base layers) against CVE databases and flags known vulnerabilities.
  • Remediation Guidance: It doesn’t just scream “VULNERABLE!”—Scout offers actionable suggestions like switching to a newer base image or updating specific packages.
  • Policy Integration: You can define security policies (e.g., block images with critical CVEs) and automate enforcement in Azure DevOps or GitHub Actions.

In the following steps we will get the Microsoft Azure Linux 3.0 container and scan for security issues before we run the container.

Open Docker terminal
docker pull mcr.microsoft.com/azure-cli:azurelinux3.0

When you have pulled the image, you can do a quick scan with Docker Scout.
docker scout quickview mcr.microsoft.com/azure-cli:azurelinux3.0

docker scout cves mcr.microsoft.com/azure-cli:azurelinux3.0

Here you can see more information about the CVEs.

Here you see the vulnerable package file and the fix for remediation.

Now we want to remediate this image with the fixed version 2.32.4 of this package. To do this, I made a directory docker fix with a Dockerfile (without any extension) with the following commands:

———

# ⚙️ Start with the Azure CLI base image on Azure Linux 3.0
FROM mcr.microsoft.com/azure-cli:azurelinux3.0

# 🧰 Install Python and pip via tdnf
RUN tdnf install -y python3 python3-pip

# 🛠️ Upgrade pip and install the fixed requests version
RUN python3 -m pip install --no-cache-dir --upgrade --ignore-installed pip \
    && python3 -m pip install --no-cache-dir requests==2.32.4

# Remove the old requests 2.32.3 metadata file that Docker Scout still detects
RUN rm -f /usr/lib/az/lib/python3.12/site-packages/requests-2.32.3.dist-info/METADATA

# 🔍 Verify
RUN python3 -c "import requests; print(f'Requests versie: {requests.__version__}')"

————-

With the open-source tool Dive you can look into the Docker image. This helped me, because at first I only did the install and upgrade of requests version 2.32.3 to the fixed version 2.32.4, but Docker Scout still saw the vulnerable file in the image.

dive [Image]
So that’s why we remove it via the Dockerfile.

We now build a new image with this Dockerfile:

docker buildx build --provenance=true --sbom=true -t azure-cli-patched:latest .

After a Docker Scout scan, there are zero vulnerabilities in the image now
and in the Container fixed version 2.32.4 is running.
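
A check worth running after a fix like this one, as an added example (not from the original post): it walks site-packages trees and reports any package whose dist-info has lost its METADATA, whose code version disagrees with its metadata, or that exists in different versions across trees. The sample tree is constructed to mirror the paths in the Dockerfile above; the function names, the location pip installs into, and the idea that the Azure CLI imports from /usr/lib/az/lib/python3.12/site-packages are assumptions of this example, and the distribution-to-package-directory mapping is a heuristic.

```python
import re
import sys
import tempfile
from pathlib import Path

# Matches "<distribution>-<version>.dist-info" directory names.
DIST_RE = re.compile(r"^(?P<name>.+?)-(?P<version>\d[^-]*)\.dist-info$")
# Matches a literal __version__ = "x.y.z" assignment in package source.
VERSION_RE = re.compile(r"""^__version__\s*=\s*['"]([^'"]+)['"]""", re.M)


def metadata_version(dist_info):
    """Version header from METADATA, or None if the file or header is absent."""
    meta = dist_info / "METADATA"
    if not meta.is_file():
        return None
    for line in meta.read_text(encoding="utf-8", errors="replace").splitlines():
        if not line.strip():  # headers end at the first blank line
            break
        if line.lower().startswith("version:"):
            return line.split(":", 1)[1].strip()
    return None


def code_version(pkg_dir):
    """Version the importable code declares, read without importing it."""
    for fname in ("__version__.py", "__init__.py"):
        src = pkg_dir / fname
        if src.is_file():
            m = VERSION_RE.search(src.read_text(encoding="utf-8", errors="replace"))
            if m:
                return m.group(1)
    return None


def audit(roots):
    """Return sorted (kind, package, detail) findings for site-packages roots."""
    findings, copies = [], {}
    for root in (Path(r) for r in roots):
        for dist_info in sorted(root.glob("*.dist-info")):
            m = DIST_RE.match(dist_info.name)
            if not m:
                continue
            pkg = m["name"].lower().replace("_", "-")
            # Heuristic: the import package is named like the distribution.
            src_ver = code_version(root / m["name"].replace("-", "_"))
            meta_ver = metadata_version(dist_info)
            if meta_ver is None:
                findings.append(("METADATA_MISSING", pkg,
                                 f"{dist_info}: code on disk declares {src_ver}"))
            elif src_ver and src_ver != meta_ver:
                findings.append(("VERSION_MISMATCH", pkg,
                                 f"{root}: metadata {meta_ver}, code {src_ver}"))
            copies.setdefault(pkg, {})[str(root)] = src_ver or meta_ver or m["version"]
    for pkg, by_root in copies.items():
        if len(set(by_root.values())) > 1:
            detail = ", ".join(f"{r}={v}" for r, v in sorted(by_root.items()))
            findings.append(("DUPLICATE_VERSIONS", pkg, detail))
    return sorted(findings)


def build_demo_tree(base):
    """Constructed sample: the CLI's bundled tree and the system tree."""
    az = Path(base) / "usr/lib/az/lib/python3.12/site-packages"
    system = Path(base) / "usr/lib/python3.12/site-packages"
    # Bundled tree: old code kept, METADATA deleted as in the rm -f step.
    (az / "requests").mkdir(parents=True)
    (az / "requests/__version__.py").write_text('__version__ = "2.32.3"\n')
    (az / "requests-2.32.3.dist-info").mkdir()
    (az / "requests-2.32.3.dist-info/RECORD").write_text("")
    # System tree: where pip is assumed to place requests==2.32.4.
    (system / "requests").mkdir(parents=True)
    (system / "requests/__version__.py").write_text('__version__ = "2.32.4"\n')
    (system / "requests-2.32.4.dist-info").mkdir()
    (system / "requests-2.32.4.dist-info/METADATA").write_text(
        "Metadata-Version: 2.1\nName: requests\nVersion: 2.32.4\n")
    return [az, system]


def demo():
    """Run the audit on the constructed tree; return (kind, package) pairs."""
    with tempfile.TemporaryDirectory() as tmp:
        return [(kind, pkg) for kind, pkg, _ in audit(build_demo_tree(tmp))]


if __name__ == "__main__":
    # Pass real site-packages roots as arguments, or none for the demo tree.
    if sys.argv[1:]:
        for finding in audit(sys.argv[1:]):
            print(*finding, sep="\t")
    else:
        print(demo())
```

Run inside the patched image against both site-packages directories, a METADATA_MISSING finding whose code version is 2.32.3 means the scan result is clean while the old library files are still on disk.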

Conclusion

Docker Scout represents a major leap forward in managing container security, efficiency, and reliability. By integrating seamlessly into the Docker ecosystem, it empowers developers to ship production-ready containers with confidence.

💡 Key Benefits

  • Security Insights: Automatically detects vulnerabilities, recommends fixes, and integrates with CVE databases.
  • Dependency Intelligence: Tracks changes and upgrades across your software stack to ensure compatibility and stability.
  • Image Comparison: Visualizes differences between builds—helping you pinpoint unintended changes and regressions.
  • Team Collaboration: Enables shared visibility across development pipelines, so teams can align on image quality and release standards.

In short, Docker Scout turns container image analysis into a proactive, collaborative part of modern DevOps. Whether you’re optimizing performance or hardening against threats, Scout puts you ahead of the curve.

 

 

 



Exploring Docker Desktop 4.39.0 New Features and Enhancements

Docker Desktop for Windows update 4.39.0

Introduction
Docker Desktop 4.39.0 is here, bringing a host of new features designed to enhance developer productivity, streamline workflows, and improve security. This release continues Docker’s commitment to providing efficient, secure, and reliable tools for building, sharing, and running applications.

Key Features in Docker Desktop 4.39.0

  1. Docker AI Agent with Model Context Protocol (MCP) and Kubernetes Support
    • The Docker AI Agent, introduced in previous versions, has been upgraded to support MCP and Kubernetes. MCP enables AI-powered applications to access external data sources, perform operations with third-party services, and interact with local filesystems. Kubernetes support allows the AI Agent to manage namespaces, deploy services, and analyze pod logs.
  2. General Availability of Docker Desktop CLI
    • The Docker Desktop CLI is now officially available, offering developers a powerful command-line interface for managing containers, images, and volumes. The new docker desktop logs command simplifies log management.
  3. Platform Flag for Multi-Platform Image Management
    • Docker Desktop now supports the --platform flag on docker load and docker save commands, enabling seamless import and export of multi-platform images.
  4. Enhanced Containerization Across Programming Languages
    • The Docker AI Agent can now containerize applications written in JavaScript, Python, Go, C#, and more. It analyzes projects to identify services, programming languages, and package managers, making containerization effortless.
  5. Security Improvements
    • Docker Desktop 4.39.0 addresses critical vulnerabilities, such as CVE-2025-1696, ensuring proxy authentication credentials are no longer exposed in plaintext.

Docker Scout Security

Why These Features Matter

  • Developer Productivity: The upgraded Docker AI Agent simplifies container management and troubleshooting, saving developers time and effort.
  • Multi-Platform Flexibility: The --platform flag ensures compatibility across diverse environments, making Docker Desktop a versatile tool for modern development.
  • Enhanced Security: By addressing vulnerabilities, Docker Desktop 4.39.0 reinforces its position as a secure platform for application development.

Conclusion
Docker Desktop 4.39.0 is a significant step forward, offering smarter tools, improved security, and greater flexibility for developers. Whether you’re managing Kubernetes clusters or containerizing applications, this release has something for everyone.

For more details, you can explore the official Docker blog or the release notes

 



Docker Desktop for Windows – A Developer’s Best Friend

Docker Desktop main screen

In the ever-evolving world of software development, Docker Desktop for Windows has emerged as an indispensable tool for developers. This powerful platform simplifies the process of building, sharing, and running applications within containers, offering a host of features and benefits that streamline workflows and enhance productivity. Let’s dive into what makes Docker Desktop for Windows a must-have for developers.

Easy Installation and Setup

One of the standout features of Docker Desktop for Windows is its straightforward installation process. With just a few clicks, developers can have Docker up and running on their Windows machines. The intuitive setup ensures that even those new to Docker can get started without a hitch.

Integrated GUI

Docker Desktop comes with a user-friendly Graphical User Interface (GUI) that makes managing containers, images, and settings a breeze. The GUI provides a visual representation of your Docker environment, allowing you to easily monitor and control your containers without needing to rely solely on command-line instructions.

Seamless Integration with WSL 2

For developers working with both Windows and Linux containers, Docker Desktop offers seamless integration with Windows Subsystem for Linux 2 (WSL 2). This integration allows you to switch between Linux and Windows containers effortlessly, leveraging the best of both worlds. WSL 2 provides a lightweight Linux kernel that runs alongside your Windows OS, ensuring optimal performance and compatibility.

Resource Management

Docker Desktop includes robust resource management features, enabling developers to allocate CPU, memory, and disk resources to their containers. This ensures that your development environment remains responsive and efficient, even when running multiple containers simultaneously.

Automatic Updates

Docker Desktop Automatically check for updates.

Keeping your Docker environment up-to-date is crucial for security and performance. Docker Desktop simplifies this process with automatic updates, ensuring that you always have the latest features and security patches without manual intervention.

Docker Compose Integration

Docker Compose is a powerful tool for defining and running multi-container Docker applications. Docker Desktop integrates seamlessly with Docker Compose, allowing developers to easily manage complex applications with multiple services. This integration simplifies the orchestration of containers, making it easier to develop, test, and deploy applications.

Kubernetes Support

For developers looking to dive into the world of Kubernetes, Docker Desktop offers built-in support for Kubernetes. This feature allows you to run a single-node Kubernetes cluster on your local machine, providing a convenient environment for learning and experimentation. With Kubernetes support, you can develop and test containerized applications before deploying them to a production cluster.

Volume Management

Docker Desktop Volumes management

Managing data within containers is made simple with Docker Desktop’s volume management capabilities. You can easily create, manage, and share volumes between containers, ensuring that your data persists across container restarts and updates.

Benefits for Developers

Enhanced Productivity

Docker Desktop Dev Environments

Docker Desktop streamlines the development process by providing a consistent environment across different stages of development. This consistency reduces the “it works on my machine” problem, ensuring that applications run smoothly from development to production.

Simplified Collaboration

With Docker Desktop, sharing your development environment with team members is as simple as sharing a Docker image. This ensures that everyone on your team is working with the same setup, reducing discrepancies and improving collaboration.

Flexibility and Portability

Docker containers are inherently portable, allowing you to run your applications on any system that supports Docker. This flexibility is particularly beneficial for developers working in diverse environments or deploying applications across different platforms.

Improved Security

Docker Desktop Scout

Docker Desktop provides a secure environment for running containers, isolating applications from the host system and each other. This isolation reduces the risk of security vulnerabilities and ensures that your development environment remains protected.

Conclusion

Docker Desktop for Windows is a game-changer for developers, offering a comprehensive suite of features that enhance productivity, simplify collaboration, and improve security. Whether you’re a seasoned developer or just starting with containerization, Docker Desktop provides the tools you need to build, share, and run applications with ease. Embrace the power of Docker Desktop and take your development workflow to the next level.

Here you find more information about Docker Desktop:

The Website of Docker Desktop

Docker Desktop Documentation

Skill up with Docker

Whalecome to the Docker Community 🐳

Docker in VSCode

Happy coding! 🚀



Enhancing Security with Docker Container Isolation

Use Enhanced Container Isolation

Enhancing Security with Docker Container Isolation

In today’s digital landscape, securing applications and data is paramount. Docker container isolation plays a crucial role in ensuring that applications run securely, without interference from other containers or the host system. This blog post delves into the importance of container isolation for security purposes and compares the security features of Docker’s Hyper-V engine and WSL 2 Docker engine.

The Importance of Container Isolation

Container isolation involves creating a protective boundary around each container to prevent interference between containers and the host system. This helps maintain a secure environment and avoid potential issues. Docker provides several mechanisms to enhance container isolation, including:

  • Namespaces: Isolate processes, network interfaces, and file systems.
  • Control Groups (cgroups): Limit and isolate resource usage (CPU, memory, disk I/O).
  • Seccomp: Restrict system calls that containers can make.
  • AppArmor and SELinux: Apply mandatory access control policies.

Here you find more information about AppArmor and SELinux

These mechanisms ensure that containers operate independently, reducing the risk of security breaches.

Use Docker Scout for Security vulnerability management to keep secure Container images

Enhanced Container Isolation (ECI)

Docker’s Enhanced Container Isolation (ECI) provides an additional layer of security to prevent malicious workloads from compromising Docker Desktop or the host. ECI uses advanced techniques to harden container isolation without impacting developer productivity. These techniques include:

  • Running all containers unprivileged through the Linux user-namespace.
  • Ensuring Docker Desktop VM immutability.
  • Vetting critical system calls to prevent container escapes.
  • Partially virtualizing portions of /proc and /sys inside the container.

Docker Hyper-V Engine vs. WSL 2 Docker Engine

When it comes to running Docker on Windows, users have two main options: the Hyper-V engine and the WSL 2 Docker engine. Both have their own security implications.

Docker Hyper-V Engine:

  • Isolation: Hyper-V provides strong isolation by running each container in a separate virtual machine (VM). This ensures that containers are isolated from each other and the host.
  • Security: Hyper-V’s dedicated kernel for Docker Desktop ensures that the integrity of kernel-level configurations is maintained. This makes it harder for malicious workloads to breach the Docker Desktop Linux VM and host.
  • User Access: Docker Desktop users cannot easily access the Docker Desktop Linux VM, preventing them from modifying Docker Engine settings inside the VM.

WSL 2 Docker Engine:

  • Isolation: WSL 2 uses a lightweight Linux kernel inside a Windows VM, providing a more integrated experience with the Windows operating system.
  • Security: While WSL 2 offers good isolation, it shares the same instance of the Linux kernel across all WSL 2 distributions on the same Windows host. This means that Docker Desktop cannot ensure the integrity of the kernel in the Docker Desktop Linux VM, as another WSL 2 distribution could modify shared kernel settings.
  • User Access: Docker Desktop users can trivially access the Docker Desktop Linux VM with the wsl -d docker-desktop command, allowing them to bypass Docker Desktop security settings.

Conclusion

Both Docker Hyper-V and WSL 2 engines offer unique advantages and trade-offs in terms of security. Hyper-V provides stronger isolation and security by running containers in separate VMs with dedicated kernels, while WSL 2 offers a more integrated and performant experience with some security limitations. Choosing the right engine depends on your specific security requirements and use cases.

Important

Before you use Docker Container Isolation in production environments, always test your Docker configurations in a test environment first and gain some experience with your own container scenarios.

For more detailed information, you can visit the official Docker documentation.

Enhanced Container Isolation (ECI) FAQs



Docker Scout Security for your Containers images

Docker Scout Command Line Reference

Docker Scout is a tool designed to enhance the security of your software supply chain by analyzing your container images. It creates a detailed inventory of the components within your images, known as a Software Bill of Materials (SBOM). This SBOM is then checked against a continuously updated vulnerability database to identify any security weaknesses.

Docker Scout is versatile and can be used with Docker Desktop, Docker Hub, the Docker CLI, and the Docker Scout Dashboard. It also integrates with third-party systems like container registries and CI platforms. Essentially, it helps you proactively manage and mitigate vulnerabilities in your container images, ensuring your applications are more secure before they hit production.

Container Images in the Cloud

When you have pulled an image into Docker, you want to know whether it is secure before using it.
This is where Docker Scout comes in.

With Docker Scout we will analyze the Container Image.

The scan found 0 vulnerabilities, so the image can be used 🙂

SBOM with 135 packages and no vulnerabilities found.

Now I can run my Kali Linux Container after Security vulnerability check with Docker Scout.

But there are also images available which have vulnerabilities in the SBOM in some of the packages because they are not up-to-date and behind patching for example. This is why Docker Scout is a very handy security tool to keep your images secure and warn you if security remediation is needed. So don’t pull and run container images fast because you are in a hurry, first check your container image with Docker Scout!

This Container is also pulled from the Cloud and has vulnerabilities because software packages are not up-to-date in the Container image.

Important vulnerabilities found by Docker Scout analyzer!
Click on View Packages and CVEs

The vulnerabilities in this Container image.
You can go deeper into the CVEs.

Here you see the links to the CVEs

Here you see the Fix version of the vulnerability 🙂

Click on the CVE-2024-5535 link for more info.

Remediation with Docker Scout is currently in Beta at the time I’m writing this blog post. Here you find more information on Docker docs

 

Conclusion

I always say Security by Design. Docker Scout supports you to keep your Container images as secure as possible before your containers are in a running state.
Keep your images in your Cloud registries up-to-date and clean from vulnerabilities in your packages (SBOM). I really like how Docker is improving the product in a secure way with Docker Scout and makes it easy for DevOps, developers and security people to understand how to keep compliance in place and why it’s important not to run public images right away from the Cloud because of the risks. Here you find more information about Docker Scout:

Docker Scout documentation

Docker Scout integration with other Systems or Container repositories

Get started with Policy Evaluation in Docker Scout

Docker Scout Demo and Q&A

 

 



Download the Windows 11 Security Book: Powerful #security by Design

Here you can download the Free Windows 11 Security E-book

How Secure are your devices?

Make it more secure by design with Windows 11 and do security assessments / scans for vulnerabilities on the PCs in your company.
I hope this free E-Book will give you more security insights.



#MVPLABSerie Azure Defender for Cloud with #AzureArc enabled SQL Server #AzureHybrid #Security

Azure Arc enabled SQL Servers Architecture

To keep your business running, it’s important to secure and monitor your data. One of the security measures is doing vulnerability assessments in your datacenter(s) to see the status and results for remediation. With Microsoft Azure Arc Defender for Cloud you can do a SQL Server vulnerability assessment in your on-premises datacenter or anywhere with the Azure Arc agent running.
Here you find more information about Azure Arc enabled SQL Server

Microsoft Defender for Cloud on Azure Arc enabled SQL Server

Here I activated Microsoft Defender for Cloud on Azure Arc enabled SQL Server, and Azure Defender for Cloud is doing a SQL vulnerability assessment to get the security status and results for remediation.

On this same Azure portal page you will see the Vulnerability assessment findings.

When you Open a Vulnerability finding, you get more information and the remediation for the issue.

Here you see the complete Resource Health of the Azure Arc enabled SQL Server.
Look at the Status of each severity.

Here you see all the vulnerability findings on these four databases.

When you do the remediation you will see the healthy status on the Passed tab.

Here I open only the OperationsManager database.
Now you see only the Vulnerability findings on this database.

Here you see a vulnerability finding on the SCOM database with the Remediation 🙂

You can make your Own Workbooks or use them from the Gallery.

Workbook example of Vulnerability Assessment findings.

Conclusion

With Azure Defender for Cloud vulnerability assessment and management you will learn a lot to set your Security Baseline on a higher level in your datacenter(s). Getting the right remediation from Microsoft to solve security issues is great! You can do your assessments frequently to show your current status on demand. I really like these Azure Hybrid tools to make my work easier and the data more secure for the business.


Please join the Azure Hybrid Community Group on LinkedIn for free ( Sharing is Caring together )