
Iannetta


Docker

Run Juice Shop locally

docker run --rm -p 3000:3000 bkimminich/juice-shop

Fast Guide

Here are the top three things to avoid when creating your container.

1. Do not run your container as root

Define a user to execute your application.

FROM alpine:3.12
# Alpine ships BusyBox addgroup/adduser; groupadd/useradd are not in the base image
RUN addgroup -S myuser && adduser -S -G myuser myuser
# Do whatever needs root here (installing packages, etc.)
USER myuser

You can also choose to run the container in rootless mode.

2. Choose an official image and use a specific tag.

We are (badly) accustomed to using the good old myimage:latest. However, we may get some unpleasant surprises if any of these images is updated and breaks our code. So use only official images with a well-defined tag:

# 🚫 
FROM alpine

# ✅
FROM alpine:3.12
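
Rules 1 and 2 can be checked automatically before a build. The following is an added example, not code from the original post: a small Python check that flags untagged or `latest` base images and a final stage that runs as root. The function name and the sample Dockerfiles are constructed for illustration.

```python
import re

def lint_dockerfile(text):
    """Return findings for the guide's rules 1 (non-root USER) and 2 (pinned tag)."""
    # Join backslash line continuations, then drop blank lines and comments.
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    lines = [l.strip() for l in joined.splitlines()]
    lines = [l for l in lines if l and not l.startswith("#")]

    findings, stages, user = [], set(), None
    for line in lines:
        instr, *args = line.split()
        instr = instr.upper()
        if instr == "FROM":
            args = [a for a in args if not a.startswith("--")]  # skip --platform=...
            if not args:
                continue
            image, user = args[0], None  # a new stage resets the effective USER
            pinned = "@sha256:" in image or image == "scratch" or image.lower() in stages
            if not pinned:
                # The tag is whatever follows ':' in the last path component,
                # so a registry port (localhost:5000/app) is not mistaken for one.
                last = image.rsplit("/", 1)[-1]
                tag = last.split(":", 1)[1] if ":" in last else None
                if tag is None:
                    findings.append(f"FROM {image}: no tag, resolves to latest")
                elif tag == "latest":
                    findings.append(f"FROM {image}: floating tag 'latest'")
            if len(args) >= 3 and args[1].upper() == "AS":
                stages.add(args[2].lower())
        elif instr == "USER" and args:
            user = args[0]
    # Assumption: a final stage without USER runs as root. A base image can set
    # its own non-root USER, which this text-only check cannot see.
    if user is None:
        findings.append("final stage has no USER: container runs as root")
    elif user.split(":")[0] in ("root", "0"):
        findings.append(f"final stage sets USER {user}: container runs as root")
    return findings

# Constructed sample inputs.
BAD = "FROM alpine\nRUN apk add --no-cache curl\n"
GOOD = ("FROM alpine:3.12\n"
        "RUN addgroup -S myuser && adduser -S -G myuser myuser\n"
        "USER myuser\n")
MULTI = ("FROM --platform=linux/amd64 localhost:5000/node:latest AS build\n"
         "FROM build\nUSER 0:0\n")

if __name__ == "__main__":
    for name, df in (("BAD", BAD), ("GOOD", GOOD), ("MULTI", MULTI)):
        print(name, lint_dockerfile(df) or "ok")
```

An empty list means the Dockerfile passes both checks, so a CI step can fail the build whenever the list is non-empty.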

3. Run a vulnerability scan.

Whenever you are going to build your image, perform a scan to check for any concerning vulnerabilities in it (with a main focus on HIGH and CRITICAL issues).

One option is Trivy.


Useful links
Articles


Videos
HackerSploit - Docker Security Essentials | How to Secure Docker Containers
TechWorld with Nana - Top 8 Docker Best Practices for using Docker in Production


Labs / Tutorials / Courses


Tools
