Welcome to the first issue of Docker Security Dispatch. This newsletter covers Docker security, container supply chains, and the community around them. The first issue of the newsletter was published on April 1st, 2026, on the following platforms:
I'm bringing the series to DEV.to as well, so I'm sharing the first issue with 2 months of delay.
Key Takeaways
- Celebrate Docker's 13th anniversary with the launch of the dark fantasy security guide, 'Black Forest Shadow'.
- Get insights from the Docker Commandos v1.5 workshop focused on supply-chain security.
- Learn about the '10 Docker Commandos' framework for hunting security threats.
- Recap the most significant Docker book releases from the first quarter of 2026.
Docker Turns 13
Docker turned 13 on March 20, 2026. Thirteen years since Solomon Hykes demoed docker run at PyCon.
I published my second book on Friday, March 13th - Docker's birthday, and a Friday the 13th. I couldn't resist.
Black Forest Shadow: A Dark Fantasy Guide to Docker and Kubernetes Security grew out of the Advent of Docker Security series I published in December 2025 - 24 daily posts set in the Black Forest of 1865, where shadow creatures called CVEs were spreading through villages. After the series ended, I wrote seven more chapters, compiled the whole thing, and turned it into a book.
Each chapter maps to a real security technique: CVE triage, SBOM generation, OCI 1.1 attestations, vulnerability scanning, container hardening, runtime security with Falco, lateral movement prevention. Gord, Rothütle, Jack, and Evie are also the Docker Commandos from the workshop series. The book is their origin story.
Where to get it:
- DockerSecurity.io: PDF, ePub, and print
- Amazon
- Thalia and Hugendubel for DACH print
Docker Commandos at Rabobank
On March 27, I delivered Docker Commandos v1.5 at Rabobank in Utrecht, as part of their Docker Champions program. About 20 people attended.
Docker Commandos is a workshop where 10 fictional commandos, each paired with a Docker security command, guide participants through a mission to defend Asgard from CVE monsters. v1.5 covers the full supply-chain pipeline: from docker init to cryptographic image signing with Cosign and zero-day runtime defense. Two new commandos join in this version.
The full workshop materials:
π° JavaPro: "10 Docker Commandos"
On March 19, JavaPro published my article "10 Docker Commandos: Docker Commands to Hunt the Predator"βthree days before I ran the workshop at Rabobank, which was good timing.
The article uses the React2Shell supply chain attack (CVE-2025-55182) as the threat model. Attackers deployed crypto miners within hours of disclosure. The 10 commandos walk through the response: Lockdown β SBOM β Scout β SBOM Attestations β Docker Init β Hardened Images β Exempted CVEs β VEX Attestation β Docker Bake β Zero-Day Defense.
π Q1 2026 Docker Books
Five Docker books came out in the first quarter of 2026. Three of them by Docker Captains, which I think is a first.
Next: JCON Europe, Cologne, April 20
On April 20, I had the honor of doing a workshop at JCON Europe 2026 in Cologne with "Java Supply Chain Security with Docker" - Docker Commandos adapted for a Java audience. Same pipeline, Java project as the target.
Questions or feedback: dockersecurity.io/contact.

