Visual Studio Code is a popular editor, and its Docker extension now supports generating Dockerfiles for Flask and Django. This sounds quite convenient: you don’t have to write your own, your editor will do it for you.

But while the extension claims it “makes it easy to build, manage, and deploy containerized applications,” you don’t actually want to deploy the images it generates. That’s because the Dockerfiles it creates are insecure and operationally broken.

Update: The VS Code team has started fixing this; the latest release (1.1) fixes one of the issues (running as root). They don’t seem to think installing security updates is worthwhile, though.

The nature of the problem: a management failure

Before I show you how these Docker images are insecure, it’s worth explaining who is at fault, and why this is such a problem.

Yes, there are some mistakes in the implementation, but we all make mistakes; I’ve made plenty. The generated Dockerfiles are perfectly fine for local development, and so I don’t feel the developers who implemented this feature are particularly to blame.

The issues are the marketing (on the extension page, for example) that says you can “deploy” these images, and the corresponding management failure to ensure this promise is followed up on:

If you’re a product manager talking about “deployment”, you need to make sure security, and to a lesser extent operational correctness, are part of the requirements.

If you’re an engineering manager and someone is going to deploy code based on your product, you should do at least a little research about security best practices.