# Docker image security

###### tags: `Research` `Docker` `Security` `Plando`

Docker images will be our building blocks; the same images will be used across environments.

## :memo: Articles

- [Best Practices](https://snyk.io/blog/10-docker-image-security-best-practices/)
- [Podcast - The New Stack](https://thenewstack.io/docker-security-fundamentals-and-best-practices/)
- [3 Golden Rules](https://anchore.com/3-best-practices-for-docker-image-security/)
- [Bitnami tutorial](https://engineering.bitnami.com/articles/best-practices-writing-a-dockerfile.html)
- Multi-stage build:
  - [tutorial 1](https://itnext.io/how-to-use-docker-multi-stage-build-to-create-optimal-images-for-dev-and-production-568c19a39de8)
  - [tutorial 2](https://cloudnweb.dev/2019/10/crafting-multi-stage-builds-with-docker-in-node-js/)
  - [official documentation](https://docs.docker.com/develop/develop-images/multistage-build/)

## :bulb: Lessons

- Trusted source: a source is whoever does the actionable updates (patching) on the base images
- Minimal image: when the image is small there will be fewer vulnerabilities
- Multi-stage build: same benefit as a minimal image, but now with purpose in mind (build tooling stays out of the runtime image)
- Run as a user with the least privileges
- Scan for vulnerabilities

## :rocket: Actions

- Tools to scan for vulnerabilities ==set up those tools on the CI==
  - [Clair](https://coreos.com/clair/docs/latest/)
  - [Docker Bench for Security](https://github.com/docker/docker-bench-security)
- [Found a trusted source for node and mongo](https://hub.docker.com/r/bitnami)
- [BuildKit on docker compose](https://www.docker.com/blog/faster-builds-in-compose-thanks-to-buildkit-support/)
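The Lessons above (minimal image, multi-stage build, least-privilege user) put together in one Dockerfile for a Node service. This is an added example, not from any of the linked articles; the app layout (`package.json`, `src/`, an `npm run build` script emitting `dist/server.js`) and the `node:20-bookworm*` tags are assumptions.

```dockerfile
# syntax=docker/dockerfile:1

# Stage 1: build with the full toolchain. Nothing from this stage ships
# except what the runtime stage explicitly copies out of /app.
# (assumed layout: package.json, package-lock.json and src/ in the build context)
FROM node:20-bookworm AS build
WORKDIR /app
COPY package.json package-lock.json ./
RUN npm ci
COPY src ./src
# Assumed "build" script writes the app to /app/dist; then drop devDependencies
RUN npm run build && npm prune --omit=dev

# Stage 2: minimal runtime image. Fewer packages in the final image means a
# smaller surface for the CI scanner (Clair etc.) to flag and for us to patch.
FROM node:20-bookworm-slim AS runtime
ENV NODE_ENV=production
WORKDIR /app
# Copy only the built output and production dependencies from the build stage,
# owned by the unprivileged user so the app never needs root to read them.
COPY --from=build --chown=node:node /app/dist ./dist
COPY --from=build --chown=node:node /app/node_modules ./node_modules
COPY --from=build --chown=node:node /app/package.json ./
# Least privilege: the official node images ship an unprivileged "node" user
USER node
EXPOSE 3000
CMD ["node", "dist/server.js"]
```

Build with `docker build --target runtime -t myapp .`; the `build` stage and its compilers, npm cache and devDependencies are left behind in the builder layers only.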