We’re working through some vendor assessments for compliance purposes. Do you have a public page where we could view information about the security practices at Docker? The product in question is Docker Hub, large, community edition.
Questions:
- Do you have any certifications such as SOC2, ISO 27001, etc?
- Do you have an internal security risk mitigation program?
- Do you have an internal information security program/privacy policy/etc.?
- Does Docker Hub encrypt data in-flight?
- Does Docker Hub encrypt data at-rest?
- Does Docker perform backups for Docker Hub on a periodic basis?
- Is there any periodic backup restore testing?
I understand that these aren’t questions for the community at large to necessarily answer, but I’m hoping that a representative from the company can chime in.
Thanks!