Difference between revisions of "SecDocker"

From Security Unileon
Line 11: Line 11:
 
=== How it works ===
 
=== How it works ===
  
The application is placed on the outside so all the Docker traffic is redirected to itself. Then, it performs all the checks as well as external validations with the plugins. If every option is allowed and the plugins reported a positive result, then SecDocker will apply some general restrictions and finally, send the request to the Docker daemon
+
The application is placed on the outside so all the Docker traffic is redirected to itself. Then, it performs all the checks as well as external validations with the plugins. If every option is allowed and the plugins reported a positive result, then SecDocker will apply some general restrictions and finally, send the request to the Docker daemon.
  
 
[[File:SecDocker-flow.png]]
 
[[File:SecDocker-flow.png]]

Revision as of 09:04, 4 November 2021

SecDocker

SecDocker

An application firewall for Docker

Description

SecDocker is a Go application that acts as a firewall for Docker. It's designed to receive all the traffic that goes to the Docker API / socket and drop the requests that contain unauthorized parameters. You can provide rules and specifications as well as general restrictions to be applied to every request, modifying the traffic as it goes to the Docker daemon.

How it works

The application is placed on the outside so all the Docker traffic is redirected to itself. Then, it performs all the checks as well as external validations with the plugins. If every option is allowed and the plugins reported a positive result, then SecDocker will apply some general restrictions and finally, send the request to the Docker daemon.

SecDocker-flow.png

Code / External link

You can find the application on our Github repository:

SecDocker Repository