Top 10 Dockerfile Security Best Practices for a More Secure Container

In this post, we’ll walk through what a Dockerfile is and how to create one that follows leading industry security best practices, including but not limited to multi-stage builds, creating minimal images, using appropriate instructions to minimize the number of layers, linting, what to avoid, and more. So let’s dive deep into Dockerfile security.
Table of Contents
· 1. What is a Dockerfile?
· 2. Use USER Instruction
· 3. Use Minimal Dockerfile Base Image
· 4. Use Minimal Ports
· 5. Use Trusted and Secure Base Images
∘ 5.1. Check for Vulnerabilities
∘ 5.2. Use Signed Images
· 6. Use a Linter
· 7. Avoid Using Latest Tag
· 8. Group RUN, COPY, and ADD Instructions
· 9. Multi-stage Building
· 10. Avoid Including Secrets or Credentials
· 11. Use .dockerignore
· 12. Conclusion
· References