Docker's security-in-depth approach covers the whole software life cycle, from image signing and scanning at build time through to container isolation and management at runtime. I'll end this chapter with an overview of the security features that are implemented in swarm mode.
Distributed software offers a lot of attractive attack vectors. Communication between components can be intercepted and modified. Rogue agents can join the network and gain access to data or run workloads. Distributed data stores can be compromised. Docker swarm mode, which is built on top of the open source SwarmKit project, addresses these vectors at a platform level so that your application is running on a secure base by default.