provides “application-level” virtualisation, where a container shares the kernel with the host operating system.
Security controls include:
- Using container-specific host operating systems that are built with reduced features to limit the host attack surface
- Segmentation of containers by risk profile and purpose
- Using container-specific vulnerability management security tools (e.g. Docker Scout)