
Container compliance with dockle
Boxing Rules
If you work in cybersecurity, the mention of the word "compliance" invariably means that you are about to be subjected to a few hours of tedious, repetitive work. Ensuring that thousands of resources are compliant is no mean feat. These days, however, I definitely appreciate the need for systems and processes to meet external compliance frameworks and standards.
To-do lists can often help you stay organized, and this is where compliance tools come to the fore. Putting a check mark next to non-compliant resources after you have remediated them is really the only way to ensure consistent security across modern cloud or on-premise workloads and infrastructure.
In this article, I show you how to determine whether your Docker containers are compliant using a fantastic open source tool called dockle [1]. The compliance standard that dockle checks against is the venerable CIS Benchmarks [2]. For good measure, dockle can also lint Dockerfiles (automatic checks of configuration files). If you need a little help constructing your Dockerfiles, you are gently reminded to look at the best practices page [3] on the Docker website.
On Your Marks
In this example, I look at installing the dockle binary file for Debian Linux derivatives (e.g., Ubuntu). As you can see in Listing 1, the VERSION variable is created to grab the latest version of the software from the dockle/releases/latest page in GitHub.
Listing 1
Installing
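The installation procedure described above, written out as an added example (not the article's Listing 1 and not the dockle project's own script): the VERSION variable is filled from the GitHub "latest release" API, the matching .deb is downloaded, and dpkg installs it. It assumes the repository is goodwithtech/dockle and that the 64-bit Debian package asset is named dockle_<version>_Linux-64bit.deb; the helper functions that parse the release JSON and build the download URL are separated from the network steps so they can be checked offline.

```shell
#!/bin/sh
# Added example, not the article's listing: install the latest dockle release
# on Debian/Ubuntu. Assumptions: GitHub repo goodwithtech/dockle and a .deb
# asset named dockle_<version>_Linux-64bit.deb.
set -eu

REPO="goodwithtech/dockle"

# Read the GitHub "latest release" JSON on stdin and print the bare version
# number, e.g. "0.4.14" for a tag_name of "v0.4.14".
latest_version_from_json() {
    grep '"tag_name":' | sed -E 's/.*"tag_name": *"v?([^"]+)".*/\1/'
}

# Build the download URL for the 64-bit .deb asset of a given version.
deb_url() {
    printf 'https://github.com/%s/releases/download/v%s/dockle_%s_Linux-64bit.deb\n' \
        "$REPO" "$1" "$1"
}

# Network step: ask the GitHub API which release is current.
fetch_latest_version() {
    curl --silent --fail "https://api.github.com/repos/$REPO/releases/latest" \
        | latest_version_from_json
}

# Network step: download the package to a temp file and install it.
install_dockle() {
    VERSION=$(fetch_latest_version)
    [ -n "$VERSION" ] || { echo "could not determine latest dockle version" >&2; return 1; }
    pkg=$(mktemp)
    curl --silent --fail -L -o "$pkg" "$(deb_url "$VERSION")"
    sudo dpkg -i "$pkg"
    rm -f "$pkg"
    dockle --version
}

# Only touch the network when explicitly asked (DOCKLE_INSTALL=1), so the
# parsing helpers above can be sourced and exercised offline.
if [ "${DOCKLE_INSTALL:-0}" = "1" ]; then
    install_dockle
fi
```

Run it with `DOCKLE_INSTALL=1 sh install-dockle.sh` to perform the install; afterwards `dockle <image>` scans a local image and reports each failed CIS Benchmark check and Dockerfile lint item by its check ID. Pinning VERSION to a known release instead of always taking "latest" is the usual choice for CI pipelines, where a reproducible scanner version matters more than having the newest one.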
