gbrindisi/dockerfile-security

Stars
261
Rank 156,630 (Top 4 %)
Language Open Policy Agent
License
GNU General Publi...
Created about 4 years ago
Updated over 2 years ago

gbrindisi/dockerfile-security

gbrindisi

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

A collection of OPA rules to statically analyze Dockerfiles to improve security

Dockerfile Security

A collection of OPA rules to statically analyze Dockerfiles to improve security.

Dockerfile Security best practices

The rules are a set of security best practices as explained here.

How to use

Rules are written in Rego language from Open Policy Agent

You can use conftest in your CI/CD pipeline to analyze Dockerfiles:

conftest test --policy dockerfile-security.rego Dockerfile

Example output:

conftest test --policy dockerfile-security.rego  Dockerfile
FAIL - Dockerfile - Do not run as root, use USER instead
FAIL - Dockerfile - Line 0: use a trusted base image
FAIL - Dockerfile - Line 6: Use COPY instead of ADD
FAIL - Dockerfile - Line 8: Do not use 'sudo' command

8 tests, 4 passed, 0 warnings, 4 failures, 0 exceptions

malware

malware source codes

xsssniper

An automatic XSS discovery tool

wordpot

A Wordpress Honeypot

cloud-security-tools

A directory of cloud security tools

applebooks

A tiny python library to interact with Apple Books databases

urlcluster

A quick and rude URL clusterer

QAzz