Difference between revisions of "SecDocker"
SecurityAdm (talk | contribs) |
SecurityAdm (talk | contribs) |
||
Line 11: | Line 11: | ||
=== How it works === | === How it works === | ||
− | The application is placed on the outside so all the Docker traffic is redirected to itself. Then, it performs all the checks as well as external validations with the plugins. If every option is allowed and the plugins reported a positive result, then SecDocker will apply some general restrictions and finally, send the request to the Docker daemon | + | The application is placed on the outside so all the Docker traffic is redirected to itself. Then, it performs all the checks as well as external validations with the plugins. If every option is allowed and the plugins reported a positive result, then SecDocker will apply some general restrictions and finally, send the request to the Docker daemon. |
[[File:SecDocker-flow.png]] | [[File:SecDocker-flow.png]] |
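Review bot: the paragraph under "How it works" only gains its final period, but the wording problems in the same paragraph are left in place. "Redirected to itself" should be "redirected to it", and "the plugins reported a positive result" should be "the plugins report a positive result" so the tense matches "will apply" and "send". The sentence also says the application is "placed on the outside" without saying outside of what; naming the Docker daemon or socket there would make the traffic path unambiguous.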
Revision as of 09:04, 4 November 2021
SecDocker
An application firewall for Docker
Description
SecDocker is a Go application that acts as a firewall for Docker. It's designed to receive all the traffic that goes to the Docker API / socket and drop the requests that contain unauthorized parameters. You can provide rules and specifications as well as general restrictions to be applied to every request, modifying the traffic as it goes to the Docker daemon.
How it works
The application is placed on the outside, so that all Docker traffic is redirected to it. It then performs all of its checks, as well as external validations through the plugins. If every option is allowed and the plugins report a positive result, SecDocker applies some general restrictions and finally sends the request to the Docker daemon.
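The check-then-restrict-then-forward flow described above, sketched for the body of a Docker Engine API `POST /containers/create` request. This is an added example, not SecDocker's own code: the `CreateRequest`, `Policy` and `Filter` names, the choice of authorized fields and the sample request are assumptions, and plugin validation is left out.

```go
// Added example, not SecDocker's code: CreateRequest, Policy and Filter are hypothetical.
package main
import (
	"bytes"
	"encoding/json"
	"fmt"
	"path"
	"strings"
)

type CreateRequest struct { // the only Docker API create parameters this sketch authorizes
	Image      string
	Cmd        []string `json:",omitempty"`
	HostConfig struct {
		Privileged bool
		Binds      []string
		Memory     int64
	}
}
type Policy struct {
	BindRoot  string // clean absolute host directory that may be bind-mounted
	MaxMemory int64  // general restriction (bytes) applied to every request
}
// Filter returns the body to forward to the daemon, or an error if the request is dropped.
func Filter(body []byte, p Policy) ([]byte, error) {
	var req CreateRequest
	dec := json.NewDecoder(bytes.NewReader(body))
	dec.DisallowUnknownFields() // an unmodelled parameter is an unauthorized one
	if err := dec.Decode(&req); err != nil {
		return nil, fmt.Errorf("drop: %w", err)
	}
	if req.HostConfig.Privileged {
		return nil, fmt.Errorf("drop: privileged container")
	}
	for _, b := range req.HostConfig.Binds {
		src, _, _ := strings.Cut(b, ":")
		if p.BindRoot == "" || !strings.HasPrefix(path.Clean(src)+"/", p.BindRoot+"/") {
			return nil, fmt.Errorf("drop: bind source %q", src)
		}
	}
	if m := req.HostConfig.Memory; m <= 0 || m > p.MaxMemory {
		req.HostConfig.Memory = p.MaxMemory
	}
	return json.Marshal(req) // forward what was checked, never the client's original bytes
}

func main() { // constructed sample request
	out, err := Filter([]byte(`{"Image":"alpine","HostConfig":{"Binds":["/srv/data/app:/data"]}}`), Policy{BindRoot: "/srv/data", MaxMemory: 512 << 20})
	fmt.Println(string(out), err)
}
```

Decoding into a struct and re-serializing it means the filter and the daemon see the same values even when a client sends differently cased or duplicate keys, because Go's `encoding/json` matches field names case-insensitively.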
Code / External link
You can find the application in our GitHub repository: