Containers are evolving fast—and so are the attacks against them.
In 2025, supply chain attacks, AI-driven threats, and sophisticated cloud-native exploits are more common than ever. This book is your up-to-date guide to defending Docker and Kubernetes in this new landscape, using the latest tools and techniques.
Covering every layer of container security, you'll go from foundational concepts to hands-on implementations. Starting with a clear overview of Docker, Kubernetes, and Linux containers, you'll learn how to:
- Build secure container images with SBOMs and attestations using modern standards like OCI 1.1 referrers
- Integrate security into your GitHub Actions and GitLab CI/CD pipelines
- Enforce pod security policies and manage secrets with RBAC
- Monitor Kubernetes runtime activity with Falco and Grafana
- Detect vulnerabilities early using tools like Docker Scout, Trivy, and Snyk
- Apply shift-left security and even Gen AI approaches for smarter defenses
Along the way, you'll tackle real-world challenges like scalability, disaster recovery, and securing multi-tenant clusters. With a focus on supply chain defense, you'll learn how to protect against the very same threats making headlines today—like the recent npm package compromises.
By the end of this book, you'll be ready to address the full spectrum of container security challenges and future-proof your DevOps pipelines, ensuring your applications are robust, secure, and ready for production.
Write your review for this book (optional)
Review Deleted
Your review has been deleted and won’t appear on the book anymore.
Mohammad-Ali A'râbi
Mohammad-Ali A’râbi is a Docker Captain, Snyk Ambassador, and Senior Backend Engineer based in Germany. He organizes the Docker community in the Black Forest, speaks internationally at DevOps and cloud-native events, and writes extensively about container security. His mission is to make secure containerization understandable and accessible for developers around the world.
