Tuesday, March 1, 2022

Docker Images - Slim Image, Security, Vulnerability

A few points to always keep in mind when working with Docker images:

1. A Docker image should be created with a specific tag instead of the latest tag, because the image that latest points to changes over time.

For example, if you want to use an ubuntu base image in a Dockerfile:

            # Do not use this statement
            FROM ubuntu

            # This is the correct way because it pins the 18.04 version
            FROM ubuntu:18.04

2. A Docker image should be as small as possible while still fulfilling the requirements of the container you want to run.

For example, if a minimal variant of the required image fulfills the requirement, use the minimal variant. If the alpine image is sufficient instead of ubuntu's latest image, use the alpine image.

3. Keep the Docker image minimal in size by writing a multistage Dockerfile.

For example, if you want to build Java source code and deploy the war file on a Tomcat server, it is better to create a multistage Dockerfile.

4. Docker images should pass all vulnerability checks, so that only verified images are used for your application.

5. Before building a Docker image from a Dockerfile, it is better to run a Dockerfile linter to verify the steps of the Dockerfile.

6. Run the container as a non-root (rootless) user so that attackers have fewer chances of taking over the container completely.

7. Use distroless images (provided by Google) if required.

8. Use the scratch image if you want to create a Docker image from scratch, such as a Debian-based base image.
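
Points 1, 5 and 6 can be checked mechanically before a build. The following is an added example, not code from the original post and not a substitute for a full Dockerfile linter: a small Python check that flags untagged or latest base images, text after a FROM image (Dockerfile comments must start the line), and a final stage that never switches to a non-root USER. The function names and the two sample Dockerfiles are constructed for illustration.

```python
import re

FROM_RE = re.compile(r"^FROM\s+(?:--platform=\S+\s+)?(\S+)(?:\s+AS\s+(\S+))?(.*)$", re.I)
USER_RE = re.compile(r"^USER\s+(\S+)", re.I)

def image_problem(image):
    """Return a message if the image reference is not pinned, else None."""
    if "@" in image:                      # pinned by digest
        return None
    last = image.rsplit("/", 1)[-1]       # drop registry host:port and path
    if ":" not in last:
        return f"{image}: no tag, resolves to latest"
    if last.rsplit(":", 1)[1] == "latest":
        return f"{image}: latest tag changes over time"
    return None

def check_dockerfile(text):
    """Return (line_number, message) findings for a Dockerfile's text."""
    findings, stages = [], {}             # stages: alias -> USER in effect
    alias, user, from_line = None, None, 0
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        m = FROM_RE.match(line)
        if m:
            image, name, rest = m.groups()
            from_line = num
            if image.lower() in stages:   # FROM an earlier stage inherits its USER
                user = stages[image.lower()]
            else:
                user = None
                if image.lower() != "scratch" and image_problem(image):
                    findings.append((num, image_problem(image)))
            if rest.strip():              # e.g. "FROM ubuntu # comment"
                findings.append((num, "text after image; comments must start the line"))
            alias = name.lower() if name else None
        m = USER_RE.match(line)
        if m:
            user = m.group(1)
        if alias:
            stages[alias] = user
    if from_line and (user is None or user.split(":")[0] in ("root", "0")):
        findings.append((from_line, "final stage sets no non-root USER"))
    return findings

# Constructed sample Dockerfiles (not from the original post).
BAD = "FROM ubuntu # Do not use this statement\nRUN apt-get update\n"
GOOD = ("FROM ubuntu:18.04 AS build\nRUN echo built > /app.txt\n"
        "FROM ubuntu:18.04\nCOPY --from=build /app.txt /app.txt\nUSER 1000:1000\n")
```

A base image can set a non-root USER itself, so the last finding means the Dockerfile does not show one, not that the container necessarily runs as root.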

