Valentin Viennot
on 2 June 2023

Docker container security: demystifying FIPS-enabled containers with Ubuntu Pro


In today’s rapidly changing digital environment, the significance of robust Docker container security measures cannot be overstated. The containerised layer is also subject to compliance standards, which bring security concerns and compliance requirements with them.

Docker container security measures entail safeguarding our lightweight, appliance-type containers (each encapsulating code and its dependencies) from threats and vulnerabilities.

For sectors like public health that rely on handling sensitive personal data, compliance standards such as FIPS complement security measures by providing a structured approach to protect against potential breaches, preserve customer trust, and avoid liabilities.

These measures can range from robust access control configuration, such as entirely removing the use of the root user, to comprehensive vulnerability management practices, and from decreasing the attack surface to properly and rapidly handling inevitable CVEs.

Elevating Docker container security: enabling FIPS in containers

As discussed in a previous blog post, Ubuntu Pro tooling has simplified the process of enabling FIPS in Docker containers. With the use of build-time secrets, introduced with Docker BuildKit, this once-difficult task is now straightforward.

We just made available technical documentation to make it easier for you to create and deploy FIPS-enabled Ubuntu containers across various cloud platforms:

The Ubuntu Pro advantage

To build these FIPS-enabled Ubuntu containers, the first step is subscribing to Ubuntu Pro. The built content cannot be redistributed, and running it requires that all hosts, including cluster worker nodes, be covered by Ubuntu Pro subscriptions.

Ubuntu Pro is your all-access pass to a world of open source software security, and enhanced Docker container security and compliance. Enjoy the convenience of quick and extended security updates, 10-year maintenance, and security compliance, all under a single subscription plan.

Future plans: Chisel and chiselled Ubuntu container images

Last August, we unveiled “chiselled Ubuntu containers”. These container images combine the advantages of Distroless and (distro-full) Ubuntu, designed to deliver a seamless developer and ops experience, from development to production.

Chiselled Ubuntu containers are crafted with the “Chisel” tool, a from-scratch package manager that reuses upstream Ubuntu content and package knowledge, with an overlay of knowledge to help developers build appliance-type, Distroless containers without overthinking them and without the maintenance burden.

Get ready for FIPS support coming soon to Chisel and chiselled Ubuntu container images!

Join our upcoming webinar

Join us for our upcoming webinar on June 13th to learn more about FIPS-enabled containers, Ubuntu Pro, and the future of customised ultra-small container images as Docker container security continues to advance. Don’t miss an opportunity to ask Canonical experts questions in real time during the live Q&A session.

See you there!
