2. Agenda
● Security scanner from Aqua Security
● Trusted repos for Dockerfile
● Restricted access in docker images
● Slim container - good container
3. To start
● Installed
○ centos / ubuntu
○ docker
○ git
○ wget
● Repositories
○ https://github.com/pluhin/docker_demo
○ https://github.com/pluhin/microscanner-wrapper
● Time
○ 30 mins
4. Microscanner
● Can scan you image to find vulnerability
● Rebuild and create temporary new image based on exiting (in free version)
● Do not touch images (in paid version)
● Has Jenkins plugin
● Provide detailed result
6. Restricted access
● Do not allow do anything inside container
● Create shell user for maintenance witch restricted security policy
● Describe and apply efficient security policy for image
Hi, my name Siarhei and i would like to present for you a little demo, small knowledge transfer.
Two weeks ago I was on AWS Dev Day in small city near Utrecht: Zeist
It was very interesting workshop/presentation of new and existing technology which AWS developers use
There were a few interesting technics not related just to AWS, and I would like to show them for you
this is the agenda which we will follow on this demo
Security scanner from Aqua Security
Small scanner which provided by Aqua Security company, provide for us result of vulnerability docker imagesTrusted repos for Dockerfile
Apply scanner to two docker images, are based on different repositories
Restricted access in docker images
Create more security inside containersSlim container - good container
Example how to reduce size of image