Docker Bench for Security

Grigor Khachatryan
Published in devgorilla
2 min read · Jul 9, 2019

Using Docker to containerize your applications and services gives you some security benefits out of the box, but a default Docker installation still leaves room for security-related configuration improvements. The Docker team provides a tool that analyzes your Docker host and running containers for potential security issues.

The Docker Bench for Security is a script that checks for dozens of common best practices around deploying Docker containers in production. The tests are all automated and are inspired by the CIS Docker Community Edition Benchmark v1.1.0.

You can download and run this tool from here: https://github.com/docker/docker-bench-security

I see errors/warnings, what’s next?

Assuming you’re successful in firing off the script (if not, write in the comments and I will provide a guide), you’ll see a list of results, one per check. The script reports an Info, Warning, or Pass note for each configuration recommendation, and the recommendations are grouped into 5 sections:

  1. Host Configuration
  2. Docker Daemon Configuration
  3. Docker Daemon Configuration Files
  4. Container Images and Build Files
  5. Container Runtime

With the results of these findings, you can leverage the original benchmark document to remediate them.
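As an added example (not from the post or the docker-bench-security project), here is a small POSIX shell helper that summarises the script’s output per section and lists the Warning items to look up in the CIS document. The `[LEVEL] id - description` line layout and the sample lines are assumptions about the script’s output, not taken from the post.

```shell
#!/bin/sh
# Summarise docker-bench-security output so WARN findings can be matched to the
# CIS Docker Benchmark by section. Each function reads the script's output on stdin.
# The "[LEVEL] id - description" line layout (and the sample below) is an assumption
# about the script's output, not taken from the post.

# Constructed sample output, labelled here as such; real runs print many more checks.
SAMPLE_OUTPUT='[INFO] 1 - Host Configuration
[WARN] 1.1 - Ensure a separate partition for containers has been created
[PASS] 1.2 - Ensure the container host has been hardened
[INFO] 2 - Docker daemon configuration
[WARN] 2.1 - Ensure network traffic is restricted between containers on the default bridge
[PASS] 2.2 - Ensure the logging level is set to info
[INFO] 5 - Container Runtime
[WARN] 5.1 - Ensure AppArmor Profile is Enabled
[INFO] 5.2 - Ensure SELinux security options are set
[PASS] 5.3 - Ensure Linux Kernel Capabilities are restricted within containers'

# count_level LEVEL: number of individual checks (ids like 1.1, not section headers
# like 1) reported at LEVEL, e.g. WARN.
count_level() {
  awk -v lvl="[$1]" '$1 == lvl && $2 ~ /^[0-9]+\.[0-9.]+$/ { n++ } END { print n + 0 }'
}

# warnings_in_section N: ids of WARN checks in benchmark section N, space-separated,
# i.e. the items to look up in the CIS document for that section.
warnings_in_section() {
  awk -v sec="$1" '$1 == "[WARN]" && index($2, sec ".") == 1 { printf "%s%s", (n++ ? " " : ""), $2 }'
}

# summarize: one line per section with PASS/WARN/INFO counts, sorted by section number.
summarize() {
  awk '
    $1 ~ /^\[(INFO|WARN|PASS|NOTE)\]$/ && $2 ~ /^[0-9]+$/ {    # section header line
      sec = $2; title[sec] = ""
      for (i = 4; i <= NF; i++) title[sec] = title[sec] (i > 4 ? " " : "") $i
      next
    }
    $2 ~ /^[0-9]+\.[0-9.]+$/ {                                 # individual check line
      split($2, p, "."); lvl = substr($1, 2, length($1) - 2)    # "[WARN]" -> "WARN"
      cnt[p[1], lvl]++
    }
    END {
      for (s in title)
        printf "%s %-40s PASS=%d WARN=%d INFO=%d\n", s, title[s], cnt[s, "PASS"], cnt[s, "WARN"], cnt[s, "INFO"]
    }' | sort -n
}

# Stand-alone demo on the constructed sample.
printf '%s\n' "$SAMPLE_OUTPUT" | summarize
printf 'section 5 warnings: %s\n' "$(printf '%s\n' "$SAMPLE_OUTPUT" | warnings_in_section 5)"
```

On a real host you would pipe the script’s output into these functions instead of the sample, e.g. `sudo sh docker-bench-security.sh | summarize`.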

Docker Bench for Security is a great security tool because it is made and maintained by the creators of Docker, and it is free. To view the official benchmarks that the tests are based upon, visit Docker CIS Benchmark.

Like to learn?

Follow me on Twitter, where I post all about the latest and greatest AI, DevOps, VR/AR, Technology, and Science! Connect with me on LinkedIn too!