docker-bench-security

The Docker Bench for Security is a script that checks for dozens of common best-practices around deploying Docker containers in production.

Results 31 docker-bench-security issues

Check 2.18 doesn't report the ID because [this section](https://github.com/docker/docker-bench-security/blob/master/tests/2_docker_daemon_configuration.sh#L416C3-L418C18) should end in `info -c "$check"` instead. Actual: `[INFO] Ensure that experimental features are not implemented in production (Scored) (Deprecated)` Desired:...

The following is in `docker-bench-security/tests/1_host_configuration.sh`:

```
docker_users=$(grep 'docker' /etc/group)
if command -v getent >/dev/null 2>&1; then
  docker_users=$(getent group docker)
fi
docker_users=$(printf "%s" "$docker_users" | awk -F: '{print $4}')
```

`docker_users=$(grep...

closes https://github.com/docker/docker-bench-security/issues/563

The current `docker-bench-security.sh` uses `#!/bin/bash` for its shebang but bash is not included in the Docker when built as exampled. With the current init it'll run but attaching to a...

Add support for CIS benchmark v1.8.0

close #573

- Add new test for section 2.7
- Update Check 5.15
- Update all the subset (v8 Grid and level_1)
- Update...

Since neither I nor @diogomonica has developer status or review permissions anymore, I feel it safe to say we should no longer be maintainers of this repository or assigned any...

Test `check_1_1_5` should be following the behavior of `check_1_1_1` and fetching the path of Docker's data root, not assuming it is still located at `/var/lib/docker` such as in scenarios where...

```
name: ci

on:
  push:
    branches:
      - "main"

jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKER_USER...
```

Hi All, the whole test is looking good. I only see some one those lines: ``` docker run --rm --net host --pid host --userns host --cap-add audit_control -e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST -v...

A [new version v1.8.0][1] of the *CIS Docker Benchmark* has been released in July 2025. The tool should be updated to ensure compliance with the newest version of the benchmark....