for-linux VS cli

Software Version Description Docker Engine Version 20.10.10-ce+ or higher For installation instructions, see https://docs.docker.com/engine/installation/ Docker Compose docker-compose (v1.18.0+) or docker compose v2 (docker-compose-plugin) For installation instructions, see https://docs.docker.com/compose/install/ OpenSSL Latest is preferred Used to generate certificate and keys for Harbor

Install the Docker CLI.

Reading the GitHub issue about this is somewhat entertaining: https://github.com/docker/for-linux/issues/690

People are getting hacked a lot because of this, and docker doesn't seem to care all that much.

Docker: A tool for building, running, and managing Docker containers

possibly useful: https://github.com/docker/for-linux/issues/690 (Docker bypasses ufw firewall rules)

Sure - I work in an environment where I have to be on the VPN to access Snowflake. I also have to use Windows. The easiest dev environment for that is to install WSL2 and do the development in Ubuntu therein. However, the way that WSL2 manages Ubuntu is through some Windows host processes instead of the daemons that typically are used when you run Ubuntu. You can search around and find various reports about this - it manifests as "Cannot connect to the docker daemon." Here is one example from a quick search. On Windows, the way that you can easily get around that, if your org supports it, is to run Docker Desktop for Windows, which then manages that daemon process. That's all fine and good, but WSL has issues with routing traffic through VPNs for some reason. Again, here is a quick example of the type of things you'll find when you Google about this problem.

For a more universal configuration, setting the ip option in Docker's daemon.json file should tell Docker to only bind to that IP address. It does sound like there may be some bugs with this setting though, so your mileage may vary.

One workaround I've found is: https://github.com/docker/for-linux/issues/1437

Thank you. Your link is probably solution, it looks similar to the post I found before on github (and I was afraid to use it).

We are pleased to introduce Semantic Versioning and release channels to Snyk CLI from v.1.1291.0 onwards. In this blog post, we will share why we are introducing these changes, what problems these changes solve for our customers, and how our customers can opt-in according to their needs.

You can use tools such as Snyk to generate your reports. Snyk also powers the docker scan command that's integrated into Docker's CLI.

Scan your projects for vulnerabilities regularly More development platforms add features to check if the dependencies of your application contain a vulnerable packages. In modern ASP.NET you can use dotnet list package --vulnerable and in NPM you can use npm audit. It's even better to automatically scan your dependencies regularly. You can use tools like snyk or mend.io (formerly Whitesource) to help you with that. Those tools are expensive but have some advanced features.

Snyk

Hi folks, I'm diving into Snyk this time. This is a platform for developer security that helps protect infrastructure as code, dependencies, containers, and code. Snyk includes the following products and mostly focuses on security and dependency monitoring:

In this article, you learned all about how SQL injections manifest in Node.js applications and discovered multiple strategies to help prevent them. From updating your ORM and SQL libraries, sanitizing user inputs, and using query placeholders to leveraging the Snyk IDE extension for Visual Studio Code, you have a whole host of measures to secure your Node.js applications against SQL injection attacks.

Snyk is one of the most popular tools to work with security stuff and helps you to find vulnerabilities in your not just codebase but infrastructure.

So you've just bought a new platform tool? Maybe it's Hashicorp Vault? Snyk? Backstage? You’re excited about all of the developer experience, security and other benefits you're about to unleash on your company—right? But wait…

Snyk can also be used as an IDE extension to find insecure code in React codebases and can help you fix any security vulnerabilities in open source dependencies.