Ob Stammdatenmanagement in der Industrie, Systemadministration für Versicherungssoftware oder geowissenschaftliche Datenanalyse: Diese Positionen verbinden anspruchsvolle Aufgaben mit moderner Technologie. (Golem Karrierewelt, Wirtschaft)
Quelle: Golem
Datenschutz ist kinderleicht – wenn ein Märchen als Erklärung reicht. Von R. Zehl (Datenschutz, Politik)
Quelle: Golem
Bethesda veröffentlicht eine hochwertige Replik des berühmten Pip-Boy 3000 aus Fallout – mit echten Bedienelementen und animiertem Display. (Fallout, Bethesda)
Quelle: Golem
Ein Magier hat sich durch ein vergessenes Passwort dauerhaft aus dem RFID-Chip in seiner eigenen Hand ausgesperrt. (RFID, Security)
Quelle: Golem
Einem internen Bericht zufolge sollen die Kapazitäten bei Google alle sechs Monate verdoppelt werden. Helfen könnte ein eigener Chip. (Google, Microsoft)
Quelle: Golem
Die britische Armee setzt Videospiele wie Call of Duty zur Kampfvorbereitung ein. Bei einem E-Sports-Turnier sollen Soldaten ihr Können zeigen. (Call of Duty, Spiele)
Quelle: Golem
Google startet die Vermarktung seiner KI-gestützten Suchergebnisse und setzt damit auf einen Vorsprung gegenüber Konkurrenten wie ChatGPT. (Google, KI)
Quelle: Golem
On November 12-14, the Docker team was out in numbers at JFrog SwampUP Berlin 2025. We joined technical sessions, put on a fireside chat, and had conversations with attendees there. We’d like to thank the folks at JFrog for having us there and putting on such a great show!
Here’s our takeaways from the event about software supply chain security trends:
Software supply chain attacks reach unprecedented scale leveraging open source packages
An analysis of recent software supply chain attacks by JFrog’s CTO Asaf Karas shed light on how malicious actors leverage AI and software supply chains on their exploits. Recent attacks combine existing techniques, like phishing, in combination with AI prompts that recursively write and execute code in order to compromise hundreds of thousands of systems running popular open source packages. A few examples include Shai Hulud, Red Donkey, and the recent NPM package phishing attack. So far, despite these attacks’ scale, damages have been limited due to the still rudimentary nature of these exploits. Expect more software supply chain attacks as well as more sophistication in the coming year.
New Roles of Governance as a Security Layer
The best way to avoid software supply chain attacks is to not have malicious code entering software supply chains in the first place. That’s where governance comes into play. Taking control of gate points during the software development lifecycle, for example during dependency scanning, build pipelines, and deployments is not enough. It is necessary to block malicious or risky code before it enters the software supply chain. Not only that, but also tools need increased interoperability to detect all potential attack vectors.
Addressing MCP Challenges in AI Development
MCP’s ability to leverage both deterministic and non-deterministic outcomes by connecting an LLM client to many different servers seems to be the main reasons companies are betting on the technology to build applications that deliver value to customers. Moreover, because each server can run independently from one another, it becomes possible to add governance layers on MCP servers, reducing risks of hallucination or unexpected results. Overall, we agree with JFrog’s assessment and look forward to opportunities where Docker and JFrog MCP technologies can work together for a safer and smoother enterprise AI developer experience.
Building on Strong Open Source Foundations Is Core in the AI Era
The fireside chat between Gal Marder, JFrog’s Chief Strategy Officer, and Michael Donovan, Docker’s VP of Product, explored how organizations can protect themselves from risks in unverified open source dependencies. They emphasized the importance of starting with strong foundations: using hardened images, maintaining them throughout their lifecycle, including those that have reached end of life, and ensuring visibility and governance across every stage. Strong third-party integrations are essential to manage this complexity effectively and extend security and trust from development to delivery.
Conclusion: Build strong foundations, keep it consistent, stay ahead
Software development is changing fast as AI becomes part of everyone’s workflow, developers and attackers alike. The best way to stay ahead is to build protection early by starting with strong foundations and keep it consistent across every stage with governance, visibility, and strong partnerships. Only then can teams innovate with confidence and speed as the landscape evolves. Exciting times!
Learn more
Subscribe to the Docker Navigator Newsletter
Explore the MCP Catalog: Discover containerized, security-hardened MCP servers
Explore the DHI Catalog: Discover secure, minimal, production-ready container images
Docker Partner Programs: Discover trusted partners, tools, and integrations
New to Docker? Create an account
Have questions? The Docker community is here to help
Quelle: https://blog.docker.com/feed/
Amazon EC2 Image Builder now supports automatic versioning for recipes and automatic build version incrementing for components, reducing the overhead of managing versions manually. This enables you to increment versions automatically and dynamically reference the latest compatible versions in your pipelines without manual updates. With automatic versioning, you no longer need to manually track and increment version numbers when creating new versions of your recipes. You can simply place a single ‘x’ placeholder in any position of the version number, and Image Builder detects the latest existing version and automatically increments that position. For components, Image Builder automatically increments the build version when you create a component with the same name and semantic version. When referencing resources in your configurations, wildcard patterns automatically resolve to the highest available version matching the specified pattern, ensuring your pipelines always use the latest versions. Auto-versioning is available in all AWS regions including AWS China (Beijing) Region, operated by Sinnet, AWS China (Ningxia) Region, operated by NWCD, and AWS GovCloud (US) Regions. You can get started from the EC2 Image Builder Console, CLI, API, CloudFormation, or CDK. Refer to documentation to learn more about recipes, components and semantic versioning.
Quelle: aws.amazon.com
AWS Device Farm enables mobile and web developers to test their apps using real mobile devices and desktop browsers. Starting today, you can connect to a fully managed Appium endpoint using only a few lines of code and run interactive tests on multiple physical devices directly from your IDE or local machine. This feature also seamlessly works with third-party tools such as Appium Inspector — both hosted and local versions — for all actions including element inspection.
Support for live video and log streaming enables you to get faster test feedback within your local workflow. It complements our existing server-side execution which gives you the scale and control to run secure enterprise-grade workloads. Taken together, Device Farm now offers you the ability to author, inspect, debug, test, and release mobile apps faster, whether from your IDE, AWS Console, or other environments.
To learn more, see Appium Testing in AWS Device Farm Developer Guide.
Quelle: aws.amazon.com
