
There is finally a way to improve the security of Cloud Container Registry


As software supply chain attacks, in which bad actors poison a step in the development or distribution process, have emerged as a daily threat, the tech industry has received a wake-up call about the need to secure every link in the chain. But actually implementing enhancements is challenging, particularly for the sprawling open source cloud development ecosystem. Now the security company Chainguard says it has a safer solution for a ubiquitous but long overlooked component.

“Container registries” are something like app stores or clearinghouses where developers upload “images” of containers to the cloud, each containing a different software program. The cloud services you use every day constantly and silently browse container registries to access applications, but these registries are often poorly protected with only a password that can be lost, stolen, or guessed. This often means that people who shouldn’t have access to a given container image can download it, or worse, upload images to the registry that could be malicious. Chainguard’s new container image registry aims to plug this esoteric but pervasive hole.

“Almost every possible bad thing has happened to container registries that you can imagine,” says Dan Lorenc, CEO of Chainguard and a longtime software supply chain security researcher. “People who lose passwords, people who introduce malware on purpose, people who forget to update things. The industry has just been using this for a long time, everyone was having fun, submitting the code, and no one was thinking about the long-term consequences.”

Chainguard researchers say they have long considered developing a more carefully crafted registry, particularly one that does away with passwords and instead uses a single sign-on approach to control registry access. That way, a registry can be designed to be as accessible or as locked down as necessary, and only people who are signed in to other accounts, such as corporate identity services or Google accounts, and are then specifically authorized, will be able to interact with the registry.

“Container registries have been a weak link,” says Jason Hall, Chainguard software engineer. “They’re pretty boring, pretty standard. This is software that is based on software to deliver software. We need to do better and get rid of the passwords to talk to the registry so we can get into the registry.”

However, the big obstacle to implementing a system like this has been the cost. Running a container registry is often very expensive due to “egress fees”. In other words, cloud providers don’t charge enterprise customers to upload data to the cloud, but they do charge them each time someone downloads the data. So if container registries are like an app store where everyone comes to download container images, the egress fees can go up very, very fast. This cost discouraged review of the security of container registries, because no one wanted to bear the expense associated with offering a more secure alternative.

The breakthrough for Chainguard came when Internet infrastructure company Cloudflare announced the general availability of its R2 Storage service in September. The goal of the product is to offer low egress fees to Cloudflare customers and even no fees for infrequently downloaded data. Once R2 emerged as an option, Chainguard researchers had everything they needed to move forward with a more secure registry.

