Questions about Docker Hub security practices

We’re working through some vendor assessments for compliance purposes. Do you have a public page where we could view information about the security practices at Docker? The product in question is Docker Hub, large, community edition.

Questions:

  • Do you have any certifications such as SOC 2, ISO 27001, etc.?
  • Do you have an internal security risk mitigation program?
  • Do you have an internal information security program/privacy policy/etc.?
  • Does Docker Hub encrypt data in flight?
  • Does Docker Hub encrypt data at rest?
  • Does Docker perform backups for Docker Hub on a periodic basis?
  • Is there any periodic backup restore testing?

I understand that these aren’t questions for the community at large to necessarily answer, but I’m hoping that a representative from the company can chime in.

Thanks!
