1) How the image you put in the FROM was created. Who did it?
2) Verify that it was not modified after its creation. Do you check the SHAsum or the md5sum?
3) Check the content of the image. Use the software you need, nothing more. Don’t add any more vulnerability entries.
4) Scan for security vulnerabilities.
5) Run with the correct user, nothing of the root user.
6) Use environment variables to pass the password.
Nothing to put it in the Dockerfile.
7) Use tools like Clair, Bayan, that perform a static analysis of the contents of the containers.
https://github.com/banyanops/collector
https://github.com/docker/docker-bench-security
https://dzone.com/articles/docker-container-anti-patterns