Dockerfile Security

A Dockerfile is a text file containing the instructions from which an image is built. It consists of four parts: base image information (FROM), maintainer information (MAINTAINER), image operation commands (RUN, ADD, and COPY), and the container startup command (CMD). Docker creates container images by reading the commands in the Dockerfile. The Dockerfile is a reference sample file provided for users. After modifying the file, pay attention to the security of any third-party software installed by the Dockerfile.

  • Do not enable the SSH service in the container.
  • Use a non-root user in the container.
  • Scan and rebuild images frequently and add security patches in a timely manner.
  • Ensure that all files specified in the Dockerfile ADD operation are trusted.
  • Do not store sensitive information in the Dockerfile.
  • Add health checks to images.
  • Do not run the package update command on its own in the Dockerfile; keep it in the same instruction as the install step so a cached, stale update layer is never reused.
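The checklist above, shown as an added example that is not part of the original page: a commented-out Dockerfile fragment that breaks each rule, followed by a hardened Dockerfile that satisfies them. The application name (myapp), its binary path, the health endpoint and port 8080 are hypothetical placeholders; the base image tag is an assumption and should be replaced with whatever your organisation has vetted.

```dockerfile
# --- Weak version (commented out): what the checklist warns against --------
# FROM ubuntu:latest                             # unpinned tag, drifts between builds
# RUN apt-get update                             # update alone: this layer is cached and goes stale
# RUN apt-get install -y openssh-server          # SSH daemon inside the container
# ADD https://example.invalid/myapp.tar.gz /opt/ # ADD pulls and unpacks an unreviewed remote archive
# ENV DB_PASSWORD=s3cret                         # secret baked into image metadata
# CMD ["/usr/sbin/sshd", "-D"]                   # runs as root, no health check

# --- Hardened version -------------------------------------------------------
# Assumed base image: pin to a specific tag (or digest) so rebuilds are reproducible.
FROM debian:bookworm-slim

# Update the package index and install in the SAME RUN instruction, so a cached
# "update" layer can never be combined with a newer "install" step; remove the
# index afterwards so it does not stay in the image.
RUN apt-get update \
 && apt-get install -y --no-install-recommends ca-certificates curl \
 && rm -rf /var/lib/apt/lists/*

# Dedicated unprivileged account: no login shell, no home directory.
RUN groupadd --system myapp \
 && useradd --system --gid myapp --no-create-home --shell /usr/sbin/nologin myapp

# COPY only files from the reviewed build context; no ADD of remote URLs or
# auto-extracted archives. ./myapp is a hypothetical application binary.
WORKDIR /opt/myapp
COPY --chown=myapp:myapp ./myapp /opt/myapp/myapp

# Secrets are supplied at run time (environment, orchestrator secret store,
# mounted file), never written into the Dockerfile or an image layer.

# Everything from here on runs as the non-root user.
USER myapp
EXPOSE 8080

# Liveness check so the runtime can detect a wedged process. The /healthz
# endpoint is assumed to exist in the application.
HEALTHCHECK --interval=30s --timeout=3s --retries=3 \
  CMD curl -fsS http://127.0.0.1:8080/healthz || exit 1

# No SSH daemon: the only process is the application itself.
CMD ["/opt/myapp/myapp"]
```

After building, `docker run --rm <image> id` should report the myapp user rather than root, and `docker inspect` on the image should show no secret values under Config.Env; both are quick checks that the USER and "no secrets" rules actually took effect in the final layer.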