Source: dzone.com
Top 20 Dockerfile Best PracticesCategory: Security, Data, Kubernetes, Docker, container, github, shell
Learn how to prevent security issues and optimize containerized applications by applying a quick set of Dockerfile best practices in your image builds. If you are familiar with containerized applications and microservices, you might have realized that your services might be micro; but detecting vulnerabilities, investigating security issues, and reporting and fixing them after the deployment is making your management overhead macro.
For example, if you were to base a container in a generic ubuntu:xenial image: You would include more than 100 vulnerabilities, as detected by the Sysdig inline scanner, related to the large amount of packages that you are including and probably neither need nor ever use: Do you need the GCC compiler or systemd SysV compatibility in your container?
That way, in case your container is compromised, the range of actions available to an attacker is limited.
For example, if you were to base a container in a generic ubuntu:xenial image: You would include more than 100 vulnerabilities, as detected by the Sysdig inline scanner, related to the large amount of packages that you are including and probably neither need nor ever use: Do you need the GCC compiler or systemd SysV compatibility in your container?
That way, in case your container is compromised, the range of actions available to an attacker is limited.
Related Articles
Community Partners
DevOps Careers