Docker and Kubernetes Security – Technical Companion

The Best DevOps Book of the Year finalist for DevOps Dozen 2025.

In 2025, supply chain attacks, AI-driven threats, and sophisticated cloud-native exploits are more common than ever. This book is your up-to-date guide to defending Docker and Kubernetes in this new landscape, using the latest tools and techniques.

Covering every layer of container security, you'll go from foundational concepts to hands-on implementations. Starting with a clear overview of Docker, Kubernetes, and Linux containers, you'll learn how to:

• Build secure container images with SBOMs and attestations using modern standards like OCI 1.1 referrers
• Integrate security into your GitHub Actions and GitLab CI/CD pipelines
• Enforce pod security policies and manage secrets with RBAC
• Monitor Kubernetes runtime activity with Falco and Grafana
• Detect vulnerabilities early using tools like Docker Scout, Trivy, and Snyk
• Apply shift-left security and even Gen AI approaches for smarter defenses

Along the way, you'll tackle real-world challenges like scalability, disaster recovery, and securing multi-tenant clusters. With a focus on supply chain defense, you'll learn how to protect against the very same threats making headlines today—like the recent npm package compromises.

By the end of this book, you'll be ready to address the full spectrum of container security challenges and future-proof your DevOps pipelines, ensuring your applications are robust, secure, and ready for production.