Chris McLellan – Docker
https://www.docker.com
Thu, 20 Apr 2023 14:15:45 +0000

Docker Desktop 4.18: Docker Scout Updates, Container File Explorer GA
https://www.docker.com/blog/docker-desktop-4-18/
Wed, 05 Apr 2023 16:52:44 +0000

We’re always looking for ways to enhance your experience with Docker, whether you’re using an integration, extension, or directly in product. Docker Desktop 4.18 focuses on improvements in the command line and in Docker Desktop.

Read on to learn about new CLI features in Docker Scout, and find out about Docker init, an exciting CLI Beta feature to help you quickly add Docker to any project. We also review new features to help you get up and running with Docker faster: Container File Explorer, adminless macOS install, and a new experimental feature in Docker Compose.

Docker Scout CLI

In Docker Desktop 4.17, we introduced Docker Scout, a tool that provides visibility into image vulnerabilities and recommendations for quick remediation. We are delighted to announce the release of several new features into the Docker Scout command line, which ships with Docker Desktop 4.18. These updates come after receiving an overwhelming amount of community feedback. 

The 4.18 release of Docker Scout includes a vulnerability quickview, image recommendations directly on the command line, improved remediation guidance with BuildKit SBOM utilization, and a preview feature comparing images (imagine using diff, but for container images).

Quickview 

Suppose that you have created a new container image and would like to assess its security posture. You can now run docker scout quickview for an instant, high-level security insight into your image. If any issues are found, Docker Scout will guide you on what to do next.

A screenshot of the command-line interface (CLI) showing image vulnerability output from the new 'docker scout quickview' command.
`docker scout quickview` output showing image vulnerability information

Command-line recommendations

If you’ve previously used docker scout cves to understand which CVEs exist in your images, you may have wondered what course of action to take next. With the new docker scout recommendations command, you receive a list of recommendations that directly suggest available updates for the base image. 

The docker scout recommendations command analyzes the image and displays recommendations to refresh or update the base image, along with a list of benefits, including opportunities to reduce vulnerabilities or how to achieve smaller image sizes.

A screenshot of the command-line interface (CLI) showing updates for vulnerable image after using the 'docker scout recommendations' command.
‘docker scout recommendations’ output showing available image updates for vulnerable images

BuildKit provenance and SBOM attestations 

In January 2023, BuildKit was extended to support building images with attestations. These images can now use the docker scout command line to process this information and determine relevant next steps. We can support this as the docker scout command-line tool knows exactly what base image you built with and can provide more accurate recommendations.

If an image was built and pushed with an attached SBOM attestation, docker scout reads the package information from the SBOM attestation instead of creating a new local SBOM.

To learn how to build images with attestations using BuildKit, read “Generating SBOMs for Your Image with BuildKit.” 

Compare images

Note: This is an experimental Docker Scout feature and may change and evolve over time. 

Retrospectively documenting the changes made to address a security issue after completing a vulnerability remediation is considered a good practice. Docker Desktop 4.18 introduces an early preview of image comparison. 

A screenshot of the command-line interface (CLI) comparing the vulnerability differences between two images and how the packages compare.
Comparison of vulnerability differences between two images

This feature highlights the vulnerability differences between two images and how packages compare. These details include the package version, environment variables in each image, and more. Additionally, the command-line output can be set up in a markdown format. This information can then be used to generate diff previews in pull requests through GitHub Actions. 

We’d love to know what scenarios you could imagine using this diff feature in. You can do this by opening up Docker Desktop, navigating to the Images tab, and selecting Give feedback.

Read the documentation to learn more about these features. 

Container File Explorer 

Another feature we’re happy to announce is the GA release of Container File Explorer. When you need to check or quickly replace files within a container, Container File Explorer will help you do this — and much more — straight from Docker Desktop’s UI. 

You won’t need to remember long CLI commands, fiddle with long path parameters on the docker cp command, or get frustrated that your container has no shell at all to check the files. Container File Explorer provides a simple UI that allows you to:

  • Check a container file system
  • Copy files and folders between host and containers
  • Easily drag and drop files to a container
  • Quickly edit files with syntax highlighting
  • Delete files

With Container File Explorer, you can view your containers’ files at any state (stopped/running/paused/…) and for any container type, including slim-containers/slim-images (containers without a shell). Open the dashboard, go to the Containers tab, open the container action menu, and check your files:

A screenshot of the Docker Desktop interface with the new Container File Explorer feature from the Containers tab.
Container File Explorer UI in Docker Desktop

Adminless install on macOS

We’ve adjusted our macOS install flow to make it super easy for developers to install Docker Desktop without granting them admin privileges. Some developers work in environments with elevated security requirements where local admin access may be prohibited on their machines. We wanted to make sure that users in these environments are able to opt out of Docker Desktop functionality that requires admin privileges.

The default install flow on macOS will still ask for admin privileges, as we believe this allows us to provide an optimized experience for the vast majority of developer use cases. Upon granting admin privileges, Docker Desktop automatically installs the Docker CLI tools, enabling third-party libraries to seamlessly integrate with Docker (by enabling the default Docker socket) and allowing users to bind to privileged ports between 1 and 1024. 

If you want to change the settings you configured at install, you can do so easily within the Advanced tab of Docker Desktop’s Settings.

Docker init (Beta)

Another exciting feature we’re releasing in Beta is docker init. This is a new CLI command that lets you quickly add Docker to your project by automatically creating the required assets: Dockerfiles, Compose files, and .dockerignore. Using this feature, you can easily update existing projects to run using containers or set up new projects even if you’re not familiar with Docker.

You can try docker init by updating to the latest version of Docker Desktop (4.18.0) and typing docker init in the command line while inside a target project folder. docker init will create all the required files to run your project in Docker. 

Refer to the docker init documentation to learn more.

The Beta version of docker init ships with Go support, and the Docker team is already working on adding more languages and frameworks, including Node.js, Python, Java, Rust, and .Net, plus other features in the coming months. If there is a specific language or framework you would like us to support, let us know. Submit other feedback and suggestions in our public roadmap.

Note: Please be aware that docker init should not be confused with the internally-used docker-init executable, which is invoked by Docker when utilizing the --init flag with the docker run command. Refer to the docs to learn more.

A screenshot of the output for Beta command 'docker init' with Welcome to the Docker Init CLI! displayed
`docker init` command-line output on how to get started

Docker Compose File Watch (Experimental)

Docker Compose has a new trick! Docker Compose File Watch is available now as an Experimental feature to automatically keep all your service containers up-to-date while you work.

With the 4.18 release, you can optionally add a new x-develop section to your services in compose.yaml:

services:
  web:
    build: .
    # !!! x-develop is experimental !!!
    x-develop:
      watch:
        - action: sync
          path: ./web
          target: /app/web
        - action: rebuild
          path: ./package.json

Once configured, the new docker compose alpha watch command will start monitoring for file edits within your project:

  • On a change to ./web/App.jsx, for example, Compose will automatically synchronize it to /src/web/App.jsx inside the container.
  • Meanwhile, if you modify package.json (such as by installing a new npm package), Compose will rebuild the image and replace the existing service with an updated version.

Compose File Watch mode is just the start. With nearly 100 commits since the last Docker Compose release, we’ve squashed bugs and made a lot of quality-of-life improvements. (A special shout-out to all our recent first-time contributors!)

We’re excited about Docker Compose File Watch and are actively working on the underlying mechanics and configuration format.

Conclusion

That’s a wrap for our Docker Desktop 4.18 update. This release includes many cool, new features, including some that you can help shape! We also updated the Docker Engine to address some CVEs. As always, we love hearing your feedback. Please leave any feedback on our public GitHub roadmap and let us know what else you’d like to see. 

Check out the release notes for a full breakdown of what’s new in Docker Desktop 4.18.

Control Dev Environments Better with Hardened Docker Desktop (and More!)
https://www.docker.com/blog/hardened-desktop-developer-environments-4-13/
Thu, 20 Oct 2022 14:00:00 +0000

Are you looking for even simpler and faster ways to do what you need in Docker Desktop? Whether you’re an admin looking for new ways to secure the supply chain or a developer who wants to discover new Docker Extensions or streamline your use of Dev Environments, Docker Desktop 4.13 has the updates you’re looking for. Read on to see what’s part of this release!

Enhanced security and management for Docker Business customers

With this release, we’re introducing a new Docker Desktop security model: Hardened Docker Desktop. This model includes two new features for Docker Business customers — Settings Management and Enhanced Container Isolation.

Settings Management

With Settings Management, admins can configure Docker Desktop’s settings on client machines throughout their org. In the new admin-settings.json file, admins are able to configure important security settings like proxies and network ranges, and ensure that these values can’t be modified by users.
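An audit an admin could run over a deployed admin-settings.json to confirm that the settings the organisation cares about are present and actually locked. This is an added example, not Docker's code: the sample file is constructed, the key names are assumptions taken from Docker's documented file layout, and the REQUIRED policy list is hypothetical.

```python
import json

# Constructed sample, not a real deployment. Key names follow the
# admin-settings.json layout as documented by Docker; treat them as
# assumptions and check them against the current documentation.
SAMPLE = """
{
  "configurationFileVersion": 2,
  "exposeDockerAPIOnTCP2375": {"locked": false, "value": false},
  "proxy": {"locked": true, "mode": "manual",
            "http": "http://proxy.example.internal:3128",
            "https": "http://proxy.example.internal:3128",
            "exclude": ["localhost"]},
  "linuxVM": {
    "vpnkitCIDR": {"locked": true, "value": "192.168.65.0/24"}
  }
}
"""

# Hypothetical organisational policy: settings that must be present and locked.
REQUIRED = ["proxy", "linuxVM.vpnkitCIDR", "enhancedContainerIsolation"]


def is_setting(node):
    """A setting is an object carrying a 'locked' and/or 'value' field."""
    return isinstance(node, dict) and ("locked" in node or "value" in node)


def find_unlocked(node, path=""):
    """Return dotted paths of settings a user could still change.

    Assumption: a setting whose 'locked' field is absent or not true
    is treated as user-modifiable.
    """
    found = []
    if isinstance(node, dict):
        if is_setting(node) and node.get("locked") is not True:
            found.append(path)
        for key, child in node.items():
            found.extend(find_unlocked(child, f"{path}.{key}" if path else key))
    return found


def lookup(settings, dotted):
    """Resolve a dotted path such as 'linuxVM.vpnkitCIDR'; None if absent."""
    node = settings
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        node = node[part]
    return node


def audit(text, required=REQUIRED):
    """Report required settings that are missing and any setting left unlocked."""
    settings = json.loads(text)
    missing = [p for p in required if lookup(settings, p) is None]
    return {"missing": missing, "unlocked": find_unlocked(settings)}


if __name__ == "__main__":
    print(audit(SAMPLE))
```
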

Enhanced Container Isolation

For an extra layer of security, admins can also enable Enhanced Container Isolation, which ensures that any configurations set with Settings Management cannot be modified by user containers. Enhanced Container Isolation ensures that all containers run unprivileged in the Docker Desktop Linux VM using the Linux user-namespace, as well as introducing a host of other security enhancements. These features are the first within Docker’s new Hardened Docker Desktop security model for Docker Business customers, which provides more granular control over Docker Desktop’s Linux VM.
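One way to check the user-namespace claim from inside a container, as an added example that is not Docker's code: it parses the contents of /proc/self/uid_map and reports whether container root maps to an unprivileged ID in the parent namespace (here, the Docker Desktop Linux VM). The sample inputs in the comments are constructed.

```python
"""Check whether container root is remapped by a Linux user namespace.

Feed it /proc/self/uid_map as read inside a container, for example:
    docker run --rm alpine cat /proc/self/uid_map | python3 check_userns.py
"""
import sys
from typing import List, NamedTuple, Optional


class IdMap(NamedTuple):
    inside: int   # first ID as seen inside the namespace
    outside: int  # first ID it maps to in the parent namespace
    length: int   # number of consecutive IDs covered


def parse_id_map(text: str) -> List[IdMap]:
    """Parse uid_map/gid_map content: three integers per line."""
    maps = []
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if len(fields) != 3:
            raise ValueError(f"malformed id map line: {line!r}")
        maps.append(IdMap(*(int(f) for f in fields)))
    return maps


def root_outside_id(maps: List[IdMap]) -> Optional[int]:
    """Parent-namespace ID that container uid 0 maps to, or None if unmapped."""
    for m in maps:
        if m.inside <= 0 < m.inside + m.length:
            return m.outside - m.inside
    return None


def assess(text: str) -> str:
    """Classify a uid_map.

    "privileged": container root is root in the parent namespace,
                  e.g. "0 0 4294967295" (no user-namespace isolation).
    "remapped":   container root is an unprivileged ID outside,
                  e.g. "0 100000 65536".
    "unmapped":   uid 0 has no mapping at all.
    """
    outside = root_outside_id(parse_id_map(text))
    if outside is None:
        return "unmapped"
    return "privileged" if outside == 0 else "remapped"


if __name__ == "__main__":
    verdict = assess(sys.stdin.read())
    print(verdict)
    # Non-zero exit lets a fleet check or CI job fail when isolation is off.
    sys.exit(0 if verdict == "remapped" else 1)
```
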

Docker Extensions Categories

The Docker Extension Marketplace continues to grow, with over 25 extensions added since we launched at DockerCon! With all of these new options, it might be hard to know which extension will benefit you the most in your day to day workflows. 

That’s why in Docker Desktop 4.13, you can now search the Extensions Marketplace by title, description, or author. But there’s more — we also now provide a list of categories for filtering as per our roadmap issue.

The below screenshot shows the new categories that allow you to find useful extensions more easily. There are categories for Kubernetes, security, testing tools, and more!
Are there any extensions you’d like to see in the Marketplace? Let us know here!

docker extensions categories

How can I categorize my extension?

If you plan to publish your extension to the Marketplace, you can specify which categories your extension belongs to. Add the label com.docker.extension.categories to the extension’s Dockerfile, followed by a list of comma-separated values with the category keys defined in the docs.

For instance:

LABEL com.docker.extension.categories="kubernetes,security"

Note that extensions published to the Marketplace before the 22nd of September 2022 have been auto-categorized by Docker, so if you’re the author of any of these, you don’t have to do anything.

Streamlined Dev Environments Experience

We’ve also made a number of improvements to Dev Environments with Docker Desktop 4.13:

CLI Plugin

Use the new docker dev CLI plugin to get the full Dev Environments experience from the terminal in addition to the Dashboard.

Launch from a Git repo

Now you can quickly launch a new environment from a Git repo:

docker dev create https://github.com/dockersamples/compose-dev-env

Simplified project configuration

Now all you need to get started is a compose-dev.yaml file. If you have an existing project with a .docker/ folder — don’t worry! It’ll be migrated automatically the next time you launch.

Dev Environments is still in beta, and your feedback is more important than ever. You can submit feedback directly from the Dev Environments tab in Docker Desktop.

What other features would make your life easier?

Now that you’ve learned what’s new, let us know what you think! Is there a feature or extension that will make using Docker an even better experience for you? Check out our public roadmap to leave feedback and to see what else is coming.

Speed boost achievement unlocked on Docker Desktop 4.6 for Mac
https://www.docker.com/blog/speed-boost-achievement-unlocked-on-docker-desktop-4-6-for-mac/
Wed, 16 Mar 2022 16:48:02 +0000

Introducing virtiofs

The 4.6 release of Docker Desktop for Mac contains a number of changes that drastically improve file sharing performance for macOS users. Firstly, developers now have the option of using a new experimental file sharing implementation called virtiofs (the current default is gRPC-FUSE). Secondly, improvements have been made to the way that files are synced between the macOS host and Docker VM. During testing with our amazing macOS community of users, we have observed that these changes have reduced the time taken to complete filesystem operations by up to 98%.

For developers, these incredible gains in speed mean less time waiting for filesystem operations to complete (or building project-specific workarounds to improve performance) and more time focusing on innovation!

Understanding common developer workflows

A common developer workflow when using technologies like Symfony or React is to edit source code located on the macOS host while running the app itself in a Docker container. The source code is shared between the host and the container by using Docker volumes, with a command like the following:

docker run -v /Users/me:/code -p 8080:8080 my-symfony-app

This allows the developer to edit their source code, save the changes and immediately see the results in their browser. Changes made to files located on the host system must propagate quickly and reliably to the container file system for the developer to optimize productivity and have a good user experience. This is where file sharing performance is absolutely critical.

Big performance improvements

Performance is vital when application source code is shared between the host and container. For example, when a developer uses the Symfony PHP framework, edits the source code and then reloads the page in the browser, the web-server in the container must re-read many PHP files stored on the host. When considering that modern dependency management can easily bring 10k – 100k files into a project (which linearly increases the performance penalty), this can result in poor performance as the host and container keep in sync via the volume.

The recent changes to Docker Desktop for Mac, including the usage of virtiofs, alleviate this problem and bring drastic improvements to file system performance. Specifically, developers working with an early preview of Docker Desktop 4.6 with virtiofs enabled and changes to file syncing included have observed:

And here are some of the comments we’ve heard from users:

  • “This works great on my mac mini M1!, running migrations on my laravel instance is now instant…instead of running for minutes.” (Source: GitHub user feedback)
  • “My development setup is ridiculously fast now. Thanks everyone!” (Source: GitHub user feedback)
  • “Looking forward to seeing this enhancement land in a released build. It was like night and day! 🙌.” (Source: GitHub user feedback)

How to enable virtiofs

Virtiofs is only available to users of the following macOS versions:

  • macOS 12.2 and above (for Apple Silicon)
  • macOS 12.3 and above (for Intel)

To enable virtiofs in Docker Desktop:

  • Ensure that you are using Docker Desktop version 4.6, available here
  • Navigate to ‘Preferences’ (the gear icon) > ‘Experimental Features’
  • Select the ‘Use the new Virtualization framework’ and ‘Enable VirtioFS accelerated directory sharing’ toggles
  • Click ‘Apply & Restart’

Your feedback is needed!

Virtiofs is accessible today within Docker Desktop for Mac (version 4.6) and available to all users including Docker Personal free users as well as Docker Pro, Team and Business paid subscription users.

Please download it, give it a try and let us know how it goes. If you discover any problems, please report them on the Mac filesystem performance thread on our public roadmap. For the moment, we are aware of an outstanding issue where containers running with virtiofs can fail due to permission errors. We have released a fix for this in an experimental Desktop build to the Mac filesystem performance thread and will confirm its stability in the coming days.

Likewise, we’re always interested to hear of any performance benchmarks that you may use to test out virtiofs!

Thanks to our macOS community

We’d like to say a massive thank you to our macOS community of users for providing brilliant feedback and testing out the feature so rigorously. In particular, the excellent analysis of file system performance conducted by Konstantinos Tsanaktsidis led to valuable insights around file syncing.

Docker Desktop 4.2 Release: Save Your Battery with Pause / Resume, and Say Goodbye to the Update Pop-up
https://www.docker.com/blog/docker-desktop-4-2-release-save-your-battery-with-pause-resume-and-say-goodbye-to-the-update-pop-up/
Tue, 09 Nov 2021 16:32:00 +0000

With Docker Desktop 4.2 we’re excited to introduce Pause / Resume as well as a host of changes to make it easier for you to manage updates. These features are available to Docker Desktop users on any subscription tier.

Save your battery with Pause / Resume

Pause / Resume gives developers the power to pause their current Docker Desktop session and resume work whenever they want, saving resources on their machine while Docker is paused. When you pause Docker Desktop, the current state of your containers is saved in memory and all processes are frozen. This lowers CPU usage and will help with saving your laptop’s battery life. To resume Docker Desktop, click either the Resume button in the menu or type any Docker CLI command in your terminal.

To try out this feature on Docker Desktop 4.2, navigate to the whale menu and click the ‘Pause’ button. The corresponding content sections for Docker Desktop’s left sidebar items (e.g. Containers) will then be covered to clearly denote the Pause state. 

Please note, Pause / Resume is currently not available in Windows container mode.

Say goodbye to the update pop-up

We’ve heard your feedback that the update modal interrupts your workflows and makes it challenging to use Docker Desktop when you need it most. That’s why we’ve done away with the update pop-up and introduced a new update settings section in the Docker Dashboard, where you can check for updates and manage your update preferences. We appreciate when our users stay up to date so they get all the latest bug fixes and new features, but we want to make sure that we enable users to do that at a time that’s convenient.

To summarize what the experience will be like on Docker Desktop 4.2:

A similar badge will appear in the Docker Dashboard settings icon to make it a seamless experience without interrupting your workflow with a modal. Here you can also manage your software update settings.

The `Automatically check for updates` setting is now available for all Docker subscription tiers 

Thanks to all of your positive support of the Docker subscription updates, we’ve been able to focus on delivering more value to all users. In Docker Desktop 4.2 we’ve enabled all users, regardless of subscription tier, to turn off automatically checking for updates. When you disable this setting, all notifications in the whale menu and the app will be disabled and you will have to manually check for updates. Just update to Docker Desktop 4.2 to start using this feature!

We also know that people have different preferences when it comes to downloading updates. For some, the background download can take a lot of bandwidth, and they don’t want it to start when they are busy at work or on Zoom calls, but others would rather have less intervention when it comes to updating. That is why we’ve put the choice in your hands to decide whether updates should automatically download or not.

We’re considering introducing more settings in the future and would love to know what you think. Let us know on our public roadmap item.

Coming soon

All of the changes described above are available in 4.2 to all Docker Desktop users, including those on Docker Personal. 

We’re also working on two of your highest voted items from our public roadmap: improving Mac filesystem performance, and implementing Docker Desktop for Linux, so watch this space for more news on those in the coming months. And we would love to know what other improvements you would like to see, so please add a thumbs-up emoji to your highest priorities on the roadmap, or create a new roadmap ticket if your idea isn’t already there.
