Blog

Latest insights on container security, SBOMs, and DevSecOps best practices.

Docker Security Dispatch — Issue 2: From JCON to Zurich 🏔️

Recapping JCON Europe, the Mini Shai-Hulud attack, an interview with Baruch Sadogursky, the 'Whispering JAR' in JAVAPRO, Foojay.io debut, Docker Sandboxes, and upcoming talks.

Featured
Mini Shai-Hulud: The Next Evolution of NPM Supply Chain Worms

A deep dive into the Mini Shai-Hulud attack, a sophisticated NPM worm that uses the Bun runtime to bypass security and targets developer agents for persistence.

Generating SBOM with Docker Scout

Am I vulnerable? That's the first question a CTO asks when a new CVE is published. To answer it, you need to know what's inside your container. SBOM is the word of the day, especially since the EU Resilience Act makes it mandatory.

Docker Security Dispatch — Issue 1: Docker Turns 13 🎂

The first issue of Docker Security Dispatch: Docker's 13th birthday, the launch of Black Forest Shadow, a workshop at Rabobank, a JavaPro article, the best Docker book quarter in years, and what's next at JCON.

Featured
Dockerizing a Java 26 Project with Docker Init

Java 26 just landed. Here's how to Dockerize a Spring Boot project from scratch using Docker Init—the first move in the Docker Commandos playbook.

Featured
Docker Commandos v1.5: Asgard Mission

Hands-on workshop materials for the 10 Docker Commandos at Rabobank, covering SBOM generation, CVE scanning, hardened images, VEX exemptions, Docker Bake, Cosign signing, and zero-day defense.

Featured
The Complete Docker Read List: Q1 2026 Edition

A curated reading list of the best books on Docker and Kubernetes for the first quarter of 2026, featuring releases from Docker Captains and industry experts.

Black Forest Commandos: The Rebranding of a Security Workshop

How Docker Commandos evolved into Black Forest Commandos, connecting the narrative-driven security workshop with the origin story in the Black Forest Shadows universe.

The Largest NPM Supply Chain Attack Ever and How to Defend Against It

Learn how to implement security best practices in multi-stage Docker builds, from source code to production images.

Docker Hardened Images are Free

Docker Hardened Images are now open source under the Apache 2.0 license and free to use in your projects.