A wave of escalating software supply chain attacks—including the axios npm compromise attributed to North Korea's Lazarus Group, the TeamPCP campaign, and GlassWorm—has prompted Docker's CISO to outline concrete defensive practices. The core problem is implicit trust: organizations trust container tags, GitHub Actions, and CI/CD secrets without verification. Recommended mitigations include using verified/hardened base images with SLSA attestations, pinning all dependencies to digests or commit SHAs, enforcing cooldown periods before adopting new dependency versions, generating SBOMs at build time, scoping CI/CD credentials narrowly with short lifetimes, deploying canary tokens on developer machines, auditing credential sprawl, and sandboxing AI coding agents in isolated microVMs. The post also covers governing MCP servers and building incident response playbooks. Docker frames these as practices they follow internally and provides links to their own tooling (Docker Hardened Images, Docker Scout, Docker Sandboxes).
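As an added example (not code from the Docker post or its tooling), here is a small Python check for the pinning recommendation above: it flags GitHub Actions `uses:` references that are not pinned to a full commit SHA and Dockerfile `FROM` lines that carry no immutable digest. The workflow and Dockerfile inputs are constructed samples.

```python
import re

# Pinning linter for "pin all dependencies to digests or commit SHAs".
# Assumptions: workflow files are scanned as text (no YAML parser needed for
# the `uses:` key), and Dockerfile build stages are recognised via `AS name`.
ACTION_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?", re.IGNORECASE)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")          # full git commit SHA
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")  # OCI content digest

def unpinned_actions(workflow_text):
    """Return (line_no, ref) for every `uses:` not pinned to a commit SHA/digest."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = ACTION_RE.match(line)
        if not m or m.group(1).startswith("./"):
            continue  # local actions live in the same repo; nothing to pin
        ref = m.group(1)
        if ref.startswith("docker://"):
            pinned = DIGEST_RE.search(ref) is not None
        else:
            pinned = SHA_RE.match(ref.partition("@")[2]) is not None
        if not pinned:
            findings.append((n, ref))
    return findings

def unpinned_images(dockerfile_text):
    """Return (line_no, image) for every FROM without a @sha256 digest."""
    findings, stages = [], set()
    for n, line in enumerate(dockerfile_text.splitlines(), 1):
        m = FROM_RE.match(line)
        if not m:
            continue
        image, alias = m.group(1), m.group(2)
        if alias:
            stages.add(alias)
        if image.lower() == "scratch" or image in stages:
            continue  # empty base or an earlier stage of this build
        if not DIGEST_RE.search(image):
            findings.append((n, image))
    return findings

# Constructed sample inputs (the SHA/digest values are placeholders).
WORKFLOW = """\
jobs:
  build:
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
"""
DOCKERFILE = """\
FROM golang:1.22 AS builder
FROM --platform=linux/amd64 alpine@sha256:%s
FROM builder
FROM scratch
""" % ("0" * 64)
```

Running `unpinned_actions(WORKFLOW)` reports the mutable `@v4` tag, and `unpinned_images(DOCKERFILE)` reports `golang:1.22` but not the digest-pinned image, the stage reference, or `scratch`.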

Source: docker.com (11 min read)
Table of contents of the original post:

- The common thread is implicit trust
- Secure your foundations
- Secure your CI/CD
- Secure your endpoints
- Secure your AI development
- Build muscle for incident response
- The landscape has changed, your defaults should too
