Open software ecosystems are beneficial for customers; they benefit from 3rd party services and applications, e.g. analysis of data using apps, developed and deployed by other companies or open-source communities. One significant advantage of this approach is that other customers may benefit from these newly developed applications as well. Especially software ecosystems utilizing container technologies are prone to certain risks. Docker, in particular, is more vulnerable to attacks than hypervisor based virtualisation as it directly operates on the host system. Docker is a popular representative of containerisation technology which offers a lightweight architecture in order to facilitate the set-up and creation of such software ecosystems. Popular Infrastructure as a Service cloud service providers, like Amazon Web Services or Microsoft Azure, jump on the containerisation bandwagon and provide interfaces for provisioning and managing containers. Companies can benefit from that change of technology and create software ecosystems more efficiently. In this paper, we present a new concept for significant security improvements for cloud-based software ecosystems using Docker for 3rd party app integration. Based on the security features of Docker we describe a secure integration of applications in the cloud environment securely. Our approach considers the whole software lifecycle and includes sandbox testing of potentially dangerous 3rd party apps before these became available to the customers.

翻译：开放软件生态系统对客户有益，他们能够受益于第三方服务和应用程序，例如使用由其他公司或开源社区开发部署的应用进行数据分析。这种方式的一大优势在于，其他客户也可以从这些新开发的应用中获益。采用容器技术的软件生态系统尤其容易面临特定风险。特别是Docker，由于它直接在主机系统上运行，因此比基于虚拟化监控器的虚拟化技术更容易受到攻击。Docker是容器化技术的典型代表，它提供轻量级架构以促进此类软件生态系统的搭建与创建。主流的基础设施即服务（IaaS）云服务提供商，如亚马逊云服务（AWS）和微软Azure，正纷纷投入容器化技术的浪潮，并提供配置和管理容器的接口。企业可借此技术变革之机，更高效地创建软件生态系统。本文提出了一种新概念，旨在显著提升使用Docker进行第三方应用集成的云软件生态系统的安全性。基于Docker的安全特性，我们描述了一种在云环境中安全集成应用的方法。该方法考虑了整个软件生命周期，并在潜在危险的第三方应用向客户开放前，对其进行沙箱测试。