Dockerfile Security Save

A collection of OPA rules to statically analyze Dockerfiles to improve security

Project README

Dockerfile Security

A collection of OPA rules to statically analyze Dockerfiles to improve security.

Dockerfile Security best practices

The rules are a set of security best practices as explained here.

How to use

Rules are written in Rego language from Open Policy Agent

You can use conftest in your CI/CD pipeline to analyze Dockerfiles:

conftest test --policy dockerfile-security.rego Dockerfile

Example output:

conftest test --policy dockerfile-security.rego  Dockerfile
FAIL - Dockerfile - Do not run as root, use USER instead
FAIL - Dockerfile - Line 0: use a trusted base image
FAIL - Dockerfile - Line 6: Use COPY instead of ADD
FAIL - Dockerfile - Line 8: Do not use 'sudo' command

8 tests, 4 passed, 0 warnings, 4 failures, 0 exceptions

Open Source Agenda is not affiliated with "Dockerfile Security" Project. README Source: gbrindisi/dockerfile-security

Stars

255

Open Issues

Last Commit

1 year ago

Repository

gbrindisi/dockerfile-security

License

GPL-3.0

Homepage

https://cloudberry.engineering/article/dockerfile-security-best-practices/

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/dockerfile-security"><img src="https://www.opensourceagenda.com/projects/dockerfile-security/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022