5 Software Supply Chain Security Best Practices for Development Teams
Understanding software supply chain security is one thing. Putting it into practice across a real pipeline, with real deadlines and […]
Docker
Docker devops updates
What is AI Governance? Frameworks, Principles, and Best Practices
AI agents are moving fast. According to our State of Agentic AI report, 60% of organizations already have AI agents
What is Software Supply Chain Security?
Software supply chain attacks have accelerated faster than most security teams anticipated. Sonatype’s 2026 State of the Software Supply Chain
Hardened Images Explained: Fewer CVEs, Smaller Attack Surface
When security teams scan their container environments for the first time, they often discover hundreds of known vulnerabilities, and almost
How to Secure AI Agents: A Practical Overview for Development Teams
In our State of Agentic AI report, 45% of organizations said they struggle to ensure the tools their agents use
What is Sandbox Security?
If you’re already familiar with sandboxing as an isolation technique, sandbox security is the next layer: the policies, controls, and
Coding Agent Horror Stories: The rm -rf ~/ Incident
This is Part 2 of our AI Coding Agent Horror Stories series, an in-depth look at real-world security incidents exposing
Mitigating CVE-2026-31431 (“Copy Fail”) in Docker Engine
CVE-2026-31431 is a Linux kernel vulnerability that was recently disclosed. This CVE does not compromise Docker infrastructure. That said, Docker
The Untrusted Autonomous Workload: How AI Coding Agents Reshape What Isolation Has to Do
Earlier this year I mass-migrated my blog to Astro using Claude Code. 146 posts. 6,024 images. Canonical URLs, JSON-LD markup,
Meet Gordon: Docker’s AI Agent For Your Entire Container Workflow
Gordon understands your environment, proposed fixes, and takes action across your entire Docker workflow. Now generally available. Image 1: Gordon