Open Dramelac opened 6 months ago
Hello, using a tool like docker bench can provide an initial overview of the "health status" of Docker images. I can scan the images and share the results if that seems relevant. I also offer to help with hardening.
Hello
Not sure what kind of "best practice" this tool is looking for. Exegol-image is not a service image "as usual" so there are a lot of differences. But it can still be interesting to see.
I think the hardening part will be more container oriented, regarding config, volume, AppArmor options, etc. But if we can improve image-side too it can be interesting and added to the card!
Oh ok I see, I will dig into this subject.
Have a local firewall, limited capabilities, virtual env around docker on the host, non-root user inside Docker, and many more security enforcements to be able to use Exegol in sensitive contexts, limit operational security risks, etc.
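Added example, not part of the issue thread or of Exegol's code: a small audit of `docker inspect` output for the container-side settings named above (non-root user, limited capabilities, AppArmor, volumes). The sample container and the `SENSITIVE_SOURCES` list are constructed assumptions.

```python
import json

# Constructed sample, shaped like one element of `docker inspect <container>` output.
SAMPLE = json.loads("""{
  "AppArmorProfile": "unconfined",
  "Config": {"User": ""},
  "HostConfig": {"Privileged": false, "CapAdd": ["NET_ADMIN"], "CapDrop": null,
                 "SecurityOpt": ["apparmor=unconfined"]},
  "Mounts": [
    {"Type": "bind", "Source": "/var/run/docker.sock", "Destination": "/var/run/docker.sock", "RW": true},
    {"Type": "bind", "Source": "/home/user/workspace", "Destination": "/workspace", "RW": true}
  ]
}""")

# Assumed list of host paths that should never be bind-mounted writable.
SENSITIVE_SOURCES = {"/", "/etc", "/var/run/docker.sock"}


def audit_container(info):
    """Return findings for one container: user, capabilities, AppArmor, volumes."""
    findings = []
    host = info.get("HostConfig") or {}
    # Config.User is "uid[:gid]" or a name; empty means the default, root.
    user = ((info.get("Config") or {}).get("User") or "").split(":")[0]
    if user in ("", "0", "root"):
        findings.append("user: runs as root inside the container")
    if host.get("Privileged"):
        findings.append("caps: privileged mode grants every capability")
    if "ALL" not in [c.upper() for c in host.get("CapDrop") or []]:
        findings.append("caps: default capability set not dropped")
    findings += [f"caps: added {c}" for c in host.get("CapAdd") or []]
    # An empty profile is also what a host without AppArmor reports.
    if (info.get("AppArmorProfile") or "unconfined") == "unconfined" \
            or "apparmor=unconfined" in (host.get("SecurityOpt") or []):
        findings.append("apparmor: no profile confines the container")
    for m in info.get("Mounts") or []:
        if m.get("Type") == "bind" and m.get("RW") and m.get("Source") in SENSITIVE_SOURCES:
            findings.append(f"volume: writable bind mount of {m['Source']}")
    return findings


if __name__ == "__main__":
    for line in audit_container(SAMPLE):
        print(line)
```

On a real host, pass it the first element of the JSON array printed by `docker inspect <container>`.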