I've been seeing a lot of discussions about securing and hardening Docker containers lately. It made me wonder if there is an official or semi-official tool out there that can analyze Docker configurations or stacks and provide recommendations for hardening them or correcting/optimizing the settings. I have numerous Docker containers for various projects, some of which I built myself and others that I downloaded. While most of them aren't exposed to the internet, a few are, and with my limited time, I'd appreciate any help beyond the basic best practices.
3 Answers
For best practices, try using Trivy for CVE scanning, and Dockle to check your Dockerfile practices. However, many straightforward measures can significantly boost security without a scanner, like setting cap_drop ALL, avoiding Docker socket mounts, and making the root filesystem read-only where you can.
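As an added illustration of the three "no scanner needed" checks in this answer (not code from the answerer or from Trivy/Dockle), here is a small audit over `docker inspect` output that flags containers without `cap_drop: ALL`, with the Docker socket mounted, or with a writable root filesystem. The `SAMPLE` records are constructed; point it at a real `docker inspect $(docker ps -q) > containers.json` dump to audit your own hosts.

```python
"""Audit `docker inspect` JSON for the hardening points above.
Usage: python audit.py containers.json  (falls back to the constructed SAMPLE)."""
import json
import sys

DOCKER_SOCKET = "/var/run/docker.sock"


def audit_container(c: dict) -> list[str]:
    """Return findings for one parsed `docker inspect` object; [] means it passes."""
    host = c.get("HostConfig") or {}
    name = (c.get("Name") or "?").lstrip("/")
    findings = []
    # cap_drop ALL: start from no capabilities and cap_add only what is needed.
    cap_drop = {x.upper() for x in host.get("CapDrop") or []}
    if "ALL" not in cap_drop:
        findings.append(f"{name}: CapDrop does not include ALL")
    # Docker socket mount: whoever controls the socket controls the host.
    for m in c.get("Mounts") or []:
        if DOCKER_SOCKET in (m.get("Source"), m.get("Destination")):
            findings.append(f"{name}: mounts {DOCKER_SOCKET}")
    # Read-only root filesystem: writable scratch space belongs in tmpfs/volumes.
    if not host.get("ReadonlyRootfs", False):
        findings.append(f"{name}: root filesystem is writable")
    # Privileged mode undoes every control above, so flag it explicitly.
    if host.get("Privileged", False):
        findings.append(f"{name}: runs --privileged")
    return findings


def audit_all(containers: list[dict]) -> dict[str, list[str]]:
    """Map container name -> findings, listing only containers that fail a check."""
    return {n: f for n, f in ((c.get("Name", "?").lstrip("/"), audit_container(c))
                              for c in containers) if f}


# Constructed sample: one sloppy container and one hardened one.
SAMPLE = [
    {"Name": "/ci-runner", "HostConfig": {"CapDrop": [], "ReadonlyRootfs": False,
     "Privileged": False},
     "Mounts": [{"Type": "bind", "Source": DOCKER_SOCKET, "Destination": DOCKER_SOCKET}]},
    {"Name": "/web", "HostConfig": {"CapDrop": ["ALL"], "CapAdd": ["NET_BIND_SERVICE"],
     "ReadonlyRootfs": True, "Privileged": False},
     "Mounts": [{"Type": "tmpfs", "Destination": "/tmp"}]},
]

if __name__ == "__main__":
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for name, f in audit_all(data).items():
        print(name, *f, sep="\n  ")
```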
I personally recommend using Trivy's free product for image scanning. It's straightforward and gets the job done.
For base images, consider using Docker Hardened Images if you want something open-source. You can also check out Docker Scout for scanning without needing to install too many additional tools.