As part of our Blackhat Europe talk “Reverse Engineering and Exploiting Builds in the Cloud” we publicly released a new tool called Terrier.
In this blog post, I am going to show you how Terrier can help you identify and verify container and image components for a wide variety of use-cases, be it from a supply-chain perspective or forensics perspective. Terrier can be found on Github.
When we open-sourced buildpacks nearly seven years ago, we knew they would simplify the application deployment process. After a developer runs git push heroku main, a buildpack ensures the application's dependencies and compilation steps are taken care of as part of the deploy.
As previously announced, we've taken the same philosophies that made buildpacks so successful and applied them towards creating Cloud Native Buildpacks (CNB), a standard for turning source code into Docker images without the need for Dockerfiles. In this post, we'll take a look at how CNBs work, how they aim to solve many of the problems that exist with Dockerfile, and how you can use them with the...
Last October, we announced the ability for you to deploy pre-built Docker images to Heroku via Container Registry. Today, building Docker images with heroku.yml is generally available; you can now:
git push heroku master to build your Docker images on HerokuFor most teams, using containers in production requires you to spend time setting up and maintaining complex infrastructure. By using heroku.yml to build your Docker images, you get the power and flexibility of using Docker to package your app, combined with Heroku’s high-productivity developer experience, container orchestration, an add-ons ecosystem, and managed...
Your Heroku application's journey to production begins with a buildpack that detects what kind of app you have, what tools you need to run, and how to tune your app for peak performance. In this way, buildpacks reduce your operational burden and let you to spend more time creating value for your customers. That's why we're excited to announce a new buildpack initiative with contributions from Heroku and Pivotal.
The Cloud Native Computing Foundation (CNCF) has accepted Cloud Native Buildpacks to the Cloud Native Sandbox. Cloud Native Buildpacks turn source code into Docker images. In doing so, they give you more power to customize your runtime while making your apps more...
Containers, specifically Docker, are all the rage. Most DevOps setups feature Docker somewhere in the CI pipeline. This likely means that any build environment you look at, will be using a container solution such as Docker. These build environments need to take untrusted user-supplied code and execute it. It makes sense to try and securely containerize this to minimize risk.
In this post, we’re going to explore how a small misconfiguration in a build environment can create a severe security risk.
It's important to note that this post does not describe any inherent vulnerability in Heroku, Docker, AWS CodeBuild, or containers in general, but discusses a misconfiguration issue that was...
Browse the blog archives or subscribe to the full-text feed.