Diogo Mónica

Docker Security Tools and Upcoming Webinar


I wanted to follow up on our recent security blog post on May 5th introducing the CIS Benchmark and our Docker white paper. Having the documents is useful; however, the ability to easily put these benchmarks into practice is equally important. To do that, I built the Docker Bench for Security, which automates validating a host’s configuration against the CIS Benchmark recommendations. This is the first of many planned tools we aim to bring to the Docker user community for checking and improving the security of their deployments.



You can run the Docker Bench for Security as a Docker container with the command below, or simply execute a script from your base host.

docker run -it --net host --pid host -v /var/run/docker.sock:/var/run/docker.sock \
-v /usr/lib/systemd:/usr/lib/systemd -v /etc:/etc --label security-benchmark \

If you have questions, find us on IRC in #docker-security, and if you run into any problems, please file an issue on GitHub.
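The run command above gives the benchmark container the host network and PID namespaces plus bind mounts of the Docker socket, `/etc` and `/usr/lib/systemd`, and tags it with `--label security-benchmark`. The following added example (not code from Docker Bench for Security) shows how an audit over `docker inspect` output can flag those settings on other containers while skipping the labelled audit container; the sample records, the function names and the use of the command's mount paths as the watch list are assumptions made for illustration.

```python
import json

# Constructed sample of `docker inspect` output, trimmed to the fields used here.
SAMPLE_INSPECT = json.loads("""[
 {"Name": "/bench", "Config": {"Labels": {"security-benchmark": ""}},
  "HostConfig": {"NetworkMode": "host", "PidMode": "host",
                 "Binds": ["/var/run/docker.sock:/var/run/docker.sock", "/etc:/etc"]}},
 {"Name": "/web", "Config": {"Labels": {}},
  "HostConfig": {"NetworkMode": "bridge", "PidMode": "", "Binds": null}},
 {"Name": "/ci-agent", "Config": {"Labels": {"team": "build"}},
  "HostConfig": {"NetworkMode": "default", "PidMode": "",
                 "Binds": ["/var/run/docker.sock:/var/run/docker.sock:ro"]}},
 {"Name": "/monitor", "Config": {"Labels": null},
  "HostConfig": {"NetworkMode": "host", "PidMode": "host", "Binds": []}}
]""")

SELF_LABEL = "security-benchmark"  # label set by the run command above
# Host paths bind-mounted by the run command; using them as the watch list
# is an assumption of this example, not a list taken from the benchmark.
SENSITIVE_SOURCES = {"/var/run/docker.sock", "/etc", "/usr/lib/systemd"}


def findings_for(container):
    """Return namespace and mount findings for one inspect record."""
    host_cfg = container.get("HostConfig") or {}
    found = []
    if host_cfg.get("NetworkMode") == "host":
        found.append("shares host network namespace")
    if host_cfg.get("PidMode") == "host":
        found.append("shares host PID namespace")
    for bind in host_cfg.get("Binds") or []:  # Binds may be null
        source = bind.split(":", 1)[0].rstrip("/") or "/"
        if source in SENSITIVE_SOURCES:
            found.append("mounts host path " + source)
    return found


def audit(containers, skip_label=SELF_LABEL):
    """Map container name to findings, skipping containers that carry skip_label."""
    report = {}
    for c in containers:
        labels = (c.get("Config") or {}).get("Labels") or {}  # Labels may be null
        if skip_label in labels:
            continue  # the audit container itself; reporting it is only noise
        found = findings_for(c)
        if found:
            report[c["Name"].lstrip("/")] = found
    return report
```

On a live host the same functions can be fed the parsed JSON from `docker inspect` run over the IDs listed by `docker ps -q`.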

Last but not least, we are holding our first ever Docker security webinar. In this session we will discuss Docker security and the recommendations in the CIS Benchmark, and demo the tool.

The webinar will be on Thursday June 11th at 10:00 am Pacific.  

Please click the “Register” link in the Event Status to sign up for this event and to receive your dial in details.







4 thoughts on “Docker Security Tools and Upcoming Webinar”

  1. I’ve tried to run this container but it raises this error:
    FATA[0000] Error response from daemon: Cannot start container e131f06bf0e8a2b9c07b2adb12a057c390b48340ecbfb32d809b6dfdb7503634: [8] System error: open /var/lib/docker/aufs/mnt/e131f06bf0e8a2b9c07b2adb12a057c390b48340ecbfb32d809b6dfdb7503634/etc/resolv.conf: no such file or directory


  2. Jonathan Hamilton

    Thank you for this great tool! Makes the 130 page CIS report much more actionable / digestible =)

    Two suggestions / feature requests:
    1) Make the security tool smart enough to filter itself out. The security container produces a lot of noise as it violates many rules it’s evaluating – which is perhaps a necessary evil, but doesn’t add value to have to filter through it
    2) Make the rules configurable from host e.g. exclude containers zyz, exclude rule foo, which will also help avoid noise and allow users to focus on what’s important for them

    Thanks again for this helpful tool!

  3. I would like to attend.

  4. Is a recording of the webinar available? Slides?
