Docker CEO Ben Golub In theCUBE

Docker Inc. is rolling out a new version of its namesake container engine that brings security to the fore for the first time since the project hit the scene a year and a half ago. Perhaps not coincidently, the launch follows hot on the heels of the startup teaming up with Microsoft Corp. to make its technology available on Windows Server, a move that’s aimed at the risk-averse enterprise crowd.

The most significant enhancement Docker 1.3 offers over the previous release is a new verification mechanism designed that uses digital signatures to ensure that code downloaded from the official repositories for the container engine is not tampered with in any way. While there’s nothing snazzy about the functionality, its inclusion is a sign that Docker is increasingly getting the attention of security-conscious corporate developers.

On launch, the feature provides a warning whenever unauthorized modifications to a particular piece of code are spotted but doesn’t prevent the code from running. That’s coming later. Docker plans to expand the capability to automatically block malicious software upon detection, and it intends to extend support beyond the Official Repos to non-official sources, which currently account for 80 percent of downloads from the the Docker Hub Registry, which is the app store of the Docker ecosystem. The roadmap for the project also includes other, and more advanced, security functionality such as publisher and image authentication, public key encryption and more.

For the time being, however, users will have to settle for an ominous alert when they’re about to run a piece of malicious code. And as a bonus, Docker 1.3 provides the option to configure the security profiles for the engine in the host operating system – Linux – directly through the native command line interface, which is useful for scenarios in which containers are deployed inside other containers. Rounding out the release are a few conveniences meant to improve usability, most notably the ability to launch helper processors for a containerized application while it’s running and the addition of shared directors to boot2docker, a virtual machine that makes it possible to use the technology on Mac OS.