Skip to content

gbrindisi/dockerfile-security

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
dockerfile-security.rego
dockerfile-security.rego
 
 

Repository files navigation

Dockerfile Security

A collection of OPA rules to statically analyze Dockerfiles to improve security.

Dockerfile Security best practices

The rules are a set of security best practices as explained here.

How to use

Rules are written in Rego language from Open Policy Agent

You can use conftest in your CI/CD pipeline to analyze Dockerfiles:

conftest test --policy dockerfile-security.rego Dockerfile

Example output:

conftest test --policy dockerfile-security.rego  Dockerfile
FAIL - Dockerfile - Do not run as root, use USER instead
FAIL - Dockerfile - Line 0: use a trusted base image
FAIL - Dockerfile - Line 6: Use COPY instead of ADD
FAIL - Dockerfile - Line 8: Do not use 'sudo' command

8 tests, 4 passed, 0 warnings, 4 failures, 0 exceptions

About

A collection of OPA rules to statically analyze Dockerfiles to improve security

cloudberry.engineering/article/dockerfile-security-best-practices/

Resources

Readme

License

GPL-3.0 license
Activity

Stars

262 stars

Watchers

16 watching

Forks

91 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages