I wanted to follow up on our recent security blog post of May 5th, which introduced the CIS Benchmark and our Docker white paper. Having the documents is useful; however, the ability to easily put these benchmarks into practice is equally important. To do that, I built Docker Bench for Security, which automates validating a host’s configuration against the CIS Benchmark recommendations. This is the first of many planned tools we aim to bring to the Docker user community for checking and improving the security of their deployments.
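You can run Docker Bench for Security as a Docker container with the command below, or simply execute the script from your base host. The container shares the host's network and PID namespaces and mounts the Docker socket, /usr/lib/systemd and /etc so that it can inspect the host's configuration.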
docker run -it --net host --pid host -v /var/run/docker.sock:/var/run/docker.sock \
    -v /usr/lib/systemd:/usr/lib/systemd -v /etc:/etc --label security-benchmark \
    diogomonica/docker-bench-security
If you have questions, find us on IRC in #docker-security, and if you run into any problems, please file an issue on GitHub.
Last but not least, we are holding our first-ever Docker security webinar. In this session we will discuss Docker security and the recommendations in the CIS Benchmark, and demo the tool.
The webinar will be on Thursday, June 11th at 10:00 am Pacific.
Please click the “Register” link in the Event Status to sign up for this event and to receive your dial-in details.