1) How the image you put in the FROM was created. Who did it?
2) Verify that it was not modified after its creation. Do you check the SHAsum or the md5sum?
3) Check the content of the image. Use the software you need, nothing more. Don’t add any more vulnerability entries.
4) Scan for security vulnerabilities.
5) Run with the correct user, nothing of the root user.
6) Use environment variables to pass the password.
Nothing to put it in the Dockerfile.
7) Use tools like Clair, Bayan, that perform a static analysis of the contents of the containers.

https://github.com/banyanops/collector

https://github.com/docker/docker-bench-security

https://github.com/quay/clair

https://dzone.com/articles/docker-container-anti-patterns

https://training.play-with-docker.com/linux-registry-part2/

https://training.play-with-docker.com

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s