Summary

In this chapter, we covered some aspects of Docker security. First, we took a look at some of the things you need to consider, with regard to security, when running containers versus typical virtual machines. We looked at the advantages and at your Docker host, and spoke about image trust. We then took a look at the Docker commands we can use for security purposes.

We launched a read-only container so that we can minimize the damage a potential intruder can do within our running containers. As not all applications lend themselves well to running in read-only containers, we then looked at how we can track the changes that have been made to the filesystem since the container was launched from its image. Being able to easily find out what has changed on the filesystem at runtime is always useful when looking into a problem.

Next, we discussed the Center for Internet Security guidelines for Docker. This guide will assist you in setting up multiple aspects of your Docker environment. Lastly, we took a look at Docker Bench for Security. We looked at how to get it up and running and ran through an example of what the output looks like once it has been run. We then went through that output to see what it all meant. Remember the six items that the application covered: the host configuration, Docker daemon configuration, Docker daemon configuration files, container images and build files, container runtime, and Docker security operations.

In the next chapter, we are going to take a look at how Docker can fit into your existing workflows as well as some new ways to approach working with containers.

 

 
