Kubernetes Docker Security Good Defaults and Tools
- Security-related articles:
- 29 Docker security tools compared: https://sysdig.com/blog/20-docker-security-tools/
- Docker security: https://docs.docker.com/engine/security/security/
- Master list of information security questions: https://github.com/BretFisher/ama/issues/17
- Docker Bench for Security
- Using User in Dockerfiles to Avoid Running as Root
- Ex. The nginx image creates a user, but you have to switch to that user yourself
- Docker User Namespaces for Extra Host Security
- Code Repo & Image Scanning: analyzing potential threats
- Snyk scans Docker repos
- Code Repo and Image Scanning for CVE's
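- The second most secure approach is to set your app's file permissions so that only your app user can read them; if someone else logs in to your container as a different user, they cannot read your app files either
- If you use Secrets, you are actually already more secure than 99% of people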
- END
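
The two notes above on switching away from root with `USER` and restricting app files to the app user, combined in one Dockerfile. This is an added example, not from the original notes; the base image, the `app` account, UID/GID 10001, the `/app` path and `main.py` are all assumptions.

```dockerfile
# Added example: base image, user name, UID/GID, paths and entry point are assumptions.
FROM python:3.12-slim

# Create a dedicated unprivileged account with a fixed UID/GID and no login shell.
# A fixed numeric ID lets the runtime verify "non-root" without reading /etc/passwd.
RUN groupadd --gid 10001 app \
 && useradd --uid 10001 --gid app --no-create-home --shell /usr/sbin/nologin app

WORKDIR /app

# Files are copied in as root at this point.
COPY . /app

# Hand the tree (including /app itself, which WORKDIR created as root) to the
# app user, then strip every permission from group and others.
# u=rX : owner may read; execute/search is kept only on directories and on
#        files that were already executable. Owner write is removed so the
#        running process cannot modify its own code.
# go=  : group and others get nothing, so any other non-root UID in the
#        container cannot read or list the application files.
RUN chown -R app:app /app \
 && chmod -R u=rX,go= /app

# Everything from here on, including the container's main process, runs unprivileged.
USER 10001:10001

CMD ["python", "main.py"]
```

To check the result, run the built image with a different non-root UID (for example `docker run --rm --user 65534 <image> cat /app/main.py`) and confirm the read is denied.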