Skip to content

madhuakula/docker-security-checker

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
 
 
 
 
 
 
 
 

Repository files navigation

docker-security-checker

This repository contains OPA Rego policies for Dockerfile Security checks using Conftest

Sample rego policy for using COPY instead of ADD in Dockerfile

deny[msg] {
    input[i].Cmd == "add"
    val := concat(" ", input[i].Value)
    msg = sprintf("Use COPY instead of ADD: %s", [val])
}

Running the conftest with security policies

  • Run the following command to test security policies against the Dockerfile
conftest test Dockerfile
  • Now you can see the below example output
WARN - Dockerfile - Do not use latest tag with image: ["ubuntu:latest"]
FAIL - Dockerfile - Suspicious ENV key found: ["SECRET", "AKIGG23244GN2344GHG"]
FAIL - Dockerfile - Use COPY instead of ADD: app /app
FAIL - Dockerfile - Use COPY instead of ADD: code /tmp/code

5 tests, 1 passed, 1 warning, 3 failures

Try it out yourself

  • I have created this scenario in katacoda playground to learn and try out yourself

Katacoda Playground for docker-security-checker

Contribution

  • You can add more policies at policy directory with more information by adding comments

About

Dockerfile Security Checker using OPA Rego policies with Conftest

Topics

Resources

License

Stars

63 stars

Watchers

2 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors