AnalogJ
commented
2 years ago - public Docker Images are insecure (show vulns reports)
- alpine
- distroless
- CI/CD integration (snyk/Anchore)
- supply chain attacks -
- investigate https://www.open-scap.org/
- https://github.com/genuinetools/bane
- https://github.com/dev-sec/cis-docker-benchmark
- https://github.com/quay/clair
- https://github.com/google/docker-explorer
- https://github.com/docker/docker-bench-security
- https://github.com/aquasecurity/trivy
- https://github.com/sigstore/cosign