Run local Juice Shop
docker run --rm -p 3000:3000 bkimminich/juice-shop
Fast Guide
Here are the top three things to avoid when creating your container.
1. Do not run your container as root
Define a user to execute your application.
FROM alpine:3.12
# Alpine ships BusyBox addgroup/adduser; groupadd/useradd are not in the base image.
RUN addgroup -S myuser && adduser -S -G myuser myuser
# Do here whatever must run as root, such as installing packages.
USER myuser
You can also choose to run the container in rootless mode.
2. Choose an official image and use a specific tag.
We are (badly) accustomed to using the good old myimage:latest; however, we may get some unpleasant surprises if any of these images is updated and breaks our code. So use only official images with a well-defined tag:
# 🚫
FROM alpine
# ✅
FROM alpine:3.12
3. Run a vulnerability scan.
Whenever you are going to build your image, perform a scan to check for any concerning vulnerabilities in it (with a main focus on HIGH and CRITICAL issues).
One option is to use Trivy.
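Rules 1 and 2 above can be checked mechanically before an image is built. The following is an added example, not code from the original post: the names `lint_dockerfile` and `is_pinned` and the sample Dockerfiles are constructed for illustration, and it assumes a base image that sets no USER of its own runs as root (as alpine does).

```python
import re

FROM_RE = re.compile(r"^FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?\s*$", re.I)
USER_RE = re.compile(r"^USER\s+(\S+)", re.I)

def is_pinned(image):
    """True if the reference carries a digest or a tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    name = image.rsplit("/", 1)[-1]          # drop registry host:port and path
    _, sep, tag = name.partition(":")
    return bool(sep) and tag not in ("", "latest")

def lint_dockerfile(text):
    """Return findings for rule 1 (non-root USER) and rule 2 (pinned base image)."""
    findings = []
    stage_user = {}   # stage alias -> USER in effect at the end of that stage
    alias, user, seen_from = None, None, False
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = FROM_RE.match(line)
        if m:
            if alias:                         # remember how the previous stage ended
                stage_user[alias.lower()] = user
            image, alias = m.group(1), m.group(2)
            seen_from = True
            if image.lower() in stage_user:   # built on an earlier stage: USER is inherited
                user = stage_user[image.lower()]
            else:
                user = None                   # assumption: external base image runs as root
                if image != "scratch" and "$" not in image and not is_pinned(image):
                    findings.append(f"line {n}: base image '{image}' has no fixed tag")
            continue
        m = USER_RE.match(line)
        if m:
            user = m.group(1)                 # the last USER of a stage wins
    if seen_from and (user is None or user.split(":")[0] in ("root", "0")):
        findings.append("final stage runs as root (no non-root USER instruction)")
    return findings

# Constructed sample input: both Dockerfiles are illustrative only.
BAD = "FROM alpine\nRUN apk add --no-cache curl\nCMD [\"sh\"]\n"
GOOD = "FROM alpine:3.12\nRUN addgroup -S myuser && adduser -S -G myuser myuser\nUSER myuser\n"

if __name__ == "__main__":
    for name, dockerfile in (("BAD", BAD), ("GOOD", GOOD)):
        print(name, lint_dockerfile(dockerfile) or "no findings")
```

A non-empty result can be used to fail a CI job before the build step. It does not replace the image scan in step 3, which looks at package vulnerabilities rather than Dockerfile structure.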
Useful links
Articles
- Official - Docker security
- OWASP - Docker Security Cheat Sheet
- Aqua - Top 20 Docker Security Best Practices: Ultimate Guide
- Snyk - 10 best practices to build a Java container with Docker
Videos
- HackerSploit - Docker Security Essentials | How to Secure Docker Containers
- TechWorld with Nana - Top 8 Docker Best Practices for using Docker in Production
Labs / Tutorials / Courses
- TryHackMe
- Play With Docker
- FreeCodeCamp :: Docker Containers and Kubernetes Fundamentals - Full Hands-On Course
Tools