docker-bench-security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

We use Docker to save effort, not the other way around. Try docker-bench-security to avoid common pitfalls using Docker. It’s provided by Docker, Inc. Totally free and constantly polished.

Enclosed is all you need to know, in order to understand and use the tool.

Before we dive deep, please remember there is nothing that is absolutely secure. Nothing. It’s up to you to figure out what your security boundary is, and how you mitigate failures.

Besides this tool, I will introduce more tips or skills in future posts. Hope all the effort can better secure your Docker envs. (Product Review: NeuVector, Build Run-Time Container Security)

Security is one of the biggest challenges for docker. Too many pitfalls and potential vulnerabilities. As normal users, not everyone can be or should be a Docker security expert.

Here comes docker-bench-security in github. By now, the script enforces 63 known security checks for Docker. To audit OS security, people usually use tools like lynis. To audit Docker security, try this one.