GigaTap articles tagged docker.
- Sandbox Security: Enforcing Isolation for AI and Containers - Sandbox security enforces boundaries, resource limits, and monitoring to prevent processes from escaping isolation in AI and container workloads.
- Docker Targets the Real AI Agent Risk: Local Control - Docker’s AI Governance announcement treats developer laptops as an agent execution surface, with controls for commands, network access, credentials, and MC
- Docker’s Copy Fail fix is about kernel surface, not a breach - Docker says CVE-2026-31431 does not compromise its infrastructure, but older Docker Engine profiles exposed the AF_ALG socket surface used by the exploit p
- Docker’s Gordon brings AI into the container workflow - Docker’s new Gordon agent can inspect logs, Compose files, images, and local Docker state, then propose approved fixes. The value is context; the risk is h
- ClickHouse blocked by CVEs? Check the container base - Docker’s ClickHouse case study shows why production scans often fail on packaging, not the database itself — and what teams can remove before release.
- Docker and Black Duck target container CVE noise - Docker says Black Duck can identify Docker Hardened Images, use VEX data, and suppress base-image findings marked not affected. The value is cleaner triage