Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production. It provides a convenient way to assess the security configurations of your Docker environment against a set of recommended practices.
- Automated checks for Docker security configurations.
- Supports both manual and automated checks.
- Provides a score indicating the security posture of your Docker setup.
- Clone the Docker Bench for Security repository:
  git clone https://github.com/docker/docker-bench-security.git
- Navigate to the cloned directory:
  cd docker-bench-security
You have two options if you wish to build and run this container yourself:
- Use Docker Build:
  git clone https://github.com/docker/docker-bench-security.git
  cd docker-bench-security
  docker build --no-cache -t docker-bench-security .
  Followed by an appropriate docker run command.
- Use Docker Compose:
  git clone https://github.com/docker/docker-bench-security.git
  cd docker-bench-security
  docker-compose run --rm docker-bench-security
- Run the Docker Bench for Security script:
  sudo sh docker-bench-security.sh
- Optionally, you can write the output to a JSON file:
  sudo sh docker-bench-security.sh -l /output-folder/docker-bench_output
Now you can use the Python file to convert the .json output into a readable .html report.
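As an added example (not the page's own Python file and not part of docker-bench-security), the converter below turns a JSON log into an HTML report. It assumes the layout the script typically writes: a top-level "tests" list of sections, each with "results" entries carrying "id", "desc" and "result" (PASS/WARN/INFO/NOTE); the embedded sample is constructed, not real scan output.

```python
"""Convert a docker-bench-security JSON log into a simple HTML report.
Added example; the key names below are assumed from the script's usual
output, so adjust them if your version of the log differs."""
import json
from collections import Counter
from html import escape

# Constructed sample in the assumed layout (not real scan output).
SAMPLE_JSON = json.dumps({
    "dockerbenchsecurity": "x.y.z",
    "tests": [
        {"id": "1", "desc": "Host Configuration", "results": [
            {"id": "1.1.1", "desc": "Ensure a separate partition for containers has been created", "result": "WARN"},
            {"id": "1.1.2", "desc": "Ensure only trusted users are allowed to control Docker daemon", "result": "PASS"},
        ]},
        {"id": "4", "desc": "Container Images & Build Files", "results": [
            {"id": "4.1", "desc": "Ensure a user for the container has been created <untrusted>", "result": "WARN"},
        ]},
    ],
})

def summarize(raw):
    """Return (sections, counts): sections as (id, desc, [(id, desc, result)]),
    counts as a Counter keyed by result value. Missing keys are tolerated."""
    data = json.loads(raw)
    sections, counts = [], Counter()
    for sec in data.get("tests", []):
        rows = []
        for r in sec.get("results", []):
            res = str(r.get("result", "")).upper()
            counts[res] += 1
            rows.append((r.get("id", ""), r.get("desc", ""), res))
        sections.append((sec.get("id", ""), sec.get("desc", ""), rows))
    return sections, counts

def to_html(raw):
    """Render the log as HTML. Every field is escaped, so text copied from the
    scanned host (e.g. a container or image name) cannot inject markup."""
    sections, counts = summarize(raw)
    out = ["<html><body><h1>Docker Bench for Security report</h1>",
           "<p>" + ", ".join(f"{escape(k)}: {v}" for k, v in sorted(counts.items())) + "</p>"]
    for sid, sdesc, rows in sections:
        out.append(f"<h2>{escape(sid)} {escape(sdesc)}</h2><table>")
        for rid, rdesc, res in rows:
            out.append(f'<tr class="{escape(res.lower())}"><td>{escape(rid)}</td>'
                       f"<td>{escape(rdesc)}</td><td>{escape(res)}</td></tr>")
        out.append("</table>")
    out.append("</body></html>")
    return "\n".join(out)

if __name__ == "__main__":
    import sys  # usage: python report.py /output-folder/docker-bench_output.json > report.html
    print(to_html(open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_JSON))
```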