Security

Main points from this article by Gianluca Brindisi on Docker security:

  • no secrets in environment variables
  • don’t trust arbitrary base images -> use base images from Docker Hub
  • don’t use the latest tag, because what it resolves to is unpredictable
  • avoid curl | bash installs, because what they fetch is unpredictable
  • avoid upgrading packages at build time, because the result is unpredictable
  • don’t run as root or use sudo

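As an added example that is not code from the article, Hexops or slimsag, here is a Dockerfile applying the points above; the base image tag, the example.com download URL, the tool name/version/checksum and the "app" user are constructed placeholders:

```dockerfile
# Added example: a Dockerfile applying the points from the article above.
# The base image tag, example.com URL, tool name/version/checksum, and the
# "app" user are constructed placeholders, not values from the article.

# Pin a specific Docker Hub tag rather than :latest so rebuilds are
# reproducible. For a stronger pin, append the digest printed by
# `docker pull`, e.g. debian:bookworm-slim@sha256:<digest>.
FROM debian:bookworm-slim

# Install only what is needed and do NOT run `apt-get upgrade`: that pulls in
# whatever happens to be current at build time, so two builds differ.
RUN apt-get update \
 && apt-get install -y --no-install-recommends ca-certificates curl \
 && rm -rf /var/lib/apt/lists/*

# Instead of `curl https://example.com/install.sh | sh` (you run whatever the
# server serves today), fetch a versioned artifact and verify its checksum.
ARG TOOL_VERSION=1.2.3
ARG TOOL_SHA256=<sha256 from the project's release notes>
RUN curl -fsSLo /tmp/tool.tar.gz \
      "https://example.com/tool/v${TOOL_VERSION}/tool-linux-amd64.tar.gz" \
 && echo "${TOOL_SHA256}  /tmp/tool.tar.gz" | sha256sum -c - \
 && tar -xzf /tmp/tool.tar.gz -C /usr/local/bin tool \
 && rm /tmp/tool.tar.gz

# No secrets in ENV: `ENV API_KEY=...` is baked into the image and shows up
# in `docker inspect` and `docker history --no-trunc`. Pass secrets at run
# time instead (file mount, or `RUN --mount=type=secret` for build-time use):
#   docker run --mount type=bind,src=./api_key,dst=/run/secrets/api_key,ro ...

# Create an unprivileged user and switch to it; sudo is not installed at all.
RUN groupadd --system app \
 && useradd --system --gid app --create-home --home-dir /app app
WORKDIR /app
COPY --chown=app:app . /app
USER app

ENTRYPOINT ["tool"]
```
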
Dockerfile - best practices

Hexops describes some security best practices for Dockerfiles. As a start, take the demo Dockerfile from slimsag.