Dockerfile Security

A Dockerfile is a text file containing the instructions from which an image is built. It typically has four parts: base image information (FROM), maintainer information (MAINTAINER, now deprecated in favour of LABEL), image build instructions (RUN, ADD, and COPY), and the container startup command (CMD). Docker creates a container image by executing the instructions in the Dockerfile in order, each producing a layer. The Dockerfile provided here is a reference sample for users. After modifying it, pay attention to the security of any third-party software the Dockerfile installs, since it becomes part of every container started from the image.

  • Do not enable the SSH service in the container. Containers should be reached through the container runtime (for example docker exec or kubectl exec), and an SSH daemon adds an extra listening service, credentials, and patch surface to every container.
  • Use a non-root user in the container. Create a dedicated account and switch to it with the USER instruction before CMD or ENTRYPOINT, so that a compromised process does not run as UID 0.
  • Scan and rebuild images frequently and apply security patches in a timely manner. Packages baked into an image do not receive updates until the image is rebuilt.
  • Ensure that any file used with the ADD instruction is trusted. ADD can fetch remote URLs and automatically extracts local archives; prefer COPY for local files, and if a remote artifact is needed, download it in a RUN step and verify its checksum.
  • Do not store sensitive information (passwords, tokens, private keys) in the Dockerfile. Values set with ENV or ARG are recorded in the image layers and are visible to anyone who can pull the image or run docker history; pass secrets at run time or use build secrets instead.
  • Add health checks to images with the HEALTHCHECK instruction so that the runtime can detect and restart containers whose process is running but no longer serving.
  • Do not run the package index update instruction (for example apt-get update) in a RUN step of its own. Docker caches that layer, so a later RUN apt-get install may use a stale index and install outdated packages; combine the update and install in a single RUN instruction.
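The following added example, which is not part of the original page, encodes the checklist above as a small Python linter and runs it over two constructed Dockerfiles: a weak one that violates every rule and a hardened one that satisfies them. The Dockerfile contents, the rule names, and the regular expressions are assumptions made for illustration; the linter handles backslash continuations and comments but not heredoc syntax.

```python
import re

# Constructed sample Dockerfiles (not from the original page).
WEAK_DOCKERFILE = """\
FROM ubuntu:22.04
RUN apt-get update
RUN apt-get install -y openssh-server nginx
ENV DB_PASSWORD=hunter2
ADD https://example.invalid/app.tar.gz /opt/app/
EXPOSE 22 80
CMD ["/usr/sbin/sshd", "-D"]
"""

HARDENED_DOCKERFILE = """\
FROM ubuntu:22.04
# update and install in one layer so a cached stale package index is never reused
RUN apt-get update && apt-get install -y --no-install-recommends nginx curl \\
    && rm -rf /var/lib/apt/lists/*
COPY app.tar.gz /opt/app/
RUN groupadd -r app && useradd -r -g app -s /usr/sbin/nologin app
USER app
HEALTHCHECK --interval=30s --timeout=3s CMD curl -fs http://127.0.0.1/ || exit 1
EXPOSE 80
CMD ["nginx", "-g", "daemon off;"]
"""

SECRET_KEY = re.compile(r"(PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY)", re.I)
PKG_UPDATE = re.compile(r"\b(apt-get|apt|apk|yum|dnf)\s+update\b")
PKG_INSTALL = re.compile(r"\b(apt-get|apt|apk|yum|dnf)\s+(install|add)\b")
SSH_MARKERS = re.compile(r"\b(sshd|openssh-server|openssh|dropbear)\b")


def parse_dockerfile(text):
    """Return a list of (line_no, INSTRUCTION, arguments).
    Backslash continuations are joined, blank and comment lines skipped."""
    instructions, buf, start = [], [], None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if start is None:
            start = n
        if line.endswith("\\"):
            buf.append(line[:-1].strip())
            continue
        buf.append(line)
        parts = " ".join(buf).split(None, 1)
        instructions.append((start, parts[0].upper(), parts[1] if len(parts) > 1 else ""))
        buf, start = [], None
    return instructions


def lint_dockerfile(text):
    """Return findings as (rule, line_no, message); line 0 means 'whole file'."""
    findings, last_user, has_healthcheck = [], None, False
    for n, ins, args in parse_dockerfile(text):
        if ins in ("RUN", "CMD", "ENTRYPOINT") and SSH_MARKERS.search(args):
            findings.append(("no-ssh", n, "SSH server installed or started in the image"))
        if ins == "EXPOSE" and "22" in args.split():
            findings.append(("no-ssh", n, "port 22 exposed"))
        if ins == "USER":
            last_user = args.split(":")[0].strip()      # "USER app" or "USER 1000:1000"
        if ins == "ADD":
            src = args.split()[0] if args.split() else ""
            if re.match(r"https?://", src):
                findings.append(("add-trusted", n, "ADD fetches a remote URL; download in RUN "
                                 "and verify its checksum, or COPY a vetted local file"))
        if ins in ("ENV", "ARG"):
            if "=" in args:
                keys = re.findall(r"([A-Za-z_][A-Za-z0-9_]*)=\S", args)   # keys given a literal value
            else:
                parts = args.split(None, 1)
                keys = parts[:1] if len(parts) == 2 else []            # legacy "ENV KEY value" form
            for key in keys:
                if SECRET_KEY.search(key):
                    findings.append(("no-secrets", n, f"{key} is hardcoded in {ins}; it persists in the image layers"))
        if ins == "HEALTHCHECK":
            has_healthcheck = True
        if ins == "RUN" and PKG_UPDATE.search(args) and not PKG_INSTALL.search(args):
            findings.append(("update-alone", n, "package index update in its own layer; "
                             "combine it with the install in one RUN"))
    if last_user in (None, "root", "0"):
        findings.append(("non-root", 0, "no non-root USER set; processes will run as root"))
    if not has_healthcheck:
        findings.append(("healthcheck", 0, "no HEALTHCHECK instruction"))
    return findings


if __name__ == "__main__":
    for name, df in (("weak", WEAK_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE)):
        print(f"== {name} ==")
        for rule, line, msg in lint_dockerfile(df) or [("ok", 0, "no findings")]:
            print(f"  [{rule}] line {line}: {msg}")
```

Running the block prints eight findings for the weak Dockerfile (three of them SSH related: the package install, the EXPOSE 22, and the sshd CMD) and none for the hardened one. The linter is intentionally conservative: it only flags an ADD whose source is a remote URL, and only flags ENV or ARG keys that carry a literal value, so `ARG API_TOKEN` with no default (supplied at build time) is not reported.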