In this chapter, we will be looking at Docker Bench for Security. This tool scans your Docker environment: it starts at the host level and inspects all aspects of the host, inspects the Docker daemon and its configuration, inspects the containers running on the Docker host, and reviews Docker security operations. It then gives you recommendations across the board on any threat or concern that you might want to address. In this chapter, we will be looking at the following items:
In this section, we will take a look at Docker best practices as well as the CIS guide for properly securing all aspects of your Docker environment. You will refer to this guide when you run the scan (in the next section of this chapter) and get results showing what needs to be, or should be, fixed. The guide is broken down into the following sections: