fidzu : Docker

Coding agents like Claude Code, Gemini CLI, Codex, Kiro, and OpenCode are changing how developers work. But as these agents become more autonomous with capabilities like deleting repos, modifying files, and accessing secrets, developers face a real problem: how do you give agents enough access to be useful without adding unnecessary risk to your local...

25 Nov 2025 3:00pm GMT

In today's software-driven economy, securing software supply chains is no longer optional, it's mission-critical. Yet enterprises often struggle to balance developer speed and security. According to theCUBE Research, 95% of organizations say Docker improved their ability to identify and remediate vulnerabilities, while 79% rate it highly effective at maintaining compliance with security standards. Docker embeds...

25 Nov 2025 2:04pm GMT

On November 21, 2025, security researchers detected the beginning of what would become one of the most aggressive npm supply chain attacks to date. The Shai Hulud 2.0 campaign compromised over 25,000 GitHub repositories within 72 hours, targeting packages from major organizations including Zapier, ENS Domains, PostHog, and Postman. The malware's self-propagating design created a...

24 Nov 2025 9:04pm GMT

On November 12-14, the Docker team was out in numbers at JFrog SwampUP Berlin 2025. We joined technical sessions, put on a fireside chat, and had conversations with attendees there. We'd like to thank the folks at JFrog for having us there and putting on such a great show! Here's our takeaways from the event about software...

21 Nov 2025 10:43pm GMT

On November 19, 2025, the Golang project published two Common Vulnerabilities and Exposures (CVEs) affecting the widely-used golang.org/x/crypto/ssh package. While neither vulnerability received a critical CVSS score, both presented real risks to applications using SSH functionality in Go-based containers. CVE-2025-58181 affects SSH servers parsing GSSAPI authentication requests. The vulnerability allows attackers to trigger unbounded memory...

21 Nov 2025 6:40pm GMT

When I started incorporating AI tools into my workflow, I was first frustrated. I didn't get the 5x or 10x gains others raved about on social. In fact, it slowed me down. But I persisted. Partly because I see it as my professional duty as a software engineer to be as productive as possible, partly...

21 Nov 2025 2:00pm GMT

Expanding Docker Model Runner's Capabilities Today, we're excited to announce that Docker Model Runner now integrates the vLLM inference engine and safetensors models, unlocking high-throughput AI inference with the same Docker tooling you already use. When we first introduced Docker Model Runner, our goal was to make it simple for developers to run and experiment...

20 Nov 2025 1:44pm GMT

Mark Lechner, Docker's CISO, shares his vision for a future where Docker not only powers the software supply chain, but actively safeguards it. Cybersecurity has reached a turning point. The most significant threats no longer exploit isolated systems; they move through the connections between them. The modern attack surface includes every dependency, every container, and...

19 Nov 2025 4:55pm GMT

The era of AI agents has arrived, and with it, a new standard for how they connect to tools: the Model Context Protocol (MCP). MCP unlocks powerful, flexible workflows by letting agents tap into external tools and systems. But with thousands of MCP servers (including remote ones) now available, it's easy to ask: Where do...

19 Nov 2025 2:00pm GMT

Building and Running Custom Models Is Still Hard Running AI models locally is still hard. Even as open-source LLMs grow more capable, actually getting them to run on your machine, with the right dependencies, remains slow, fragile, and inconsistent. There's two sides to this challenge: Model creation and optimization: making fine-tuning and quantization efficient. Model...

18 Nov 2025 5:57pm GMT