
Guide to Pragmatic Container Security

Intro

This is a guide to pragmatically improving your container security capabilities, with guidance covering every domain of container security.

Great effort has been made to zero in on the highest-impact controls for reducing the risk associated with container workloads, providing a practical roadmap for implementing strong container security.

Each recommendation is supplemented with: how to implement it; what risk is actually mitigated by implementing it; and further steps you can take to mature the control (where appropriate).

WTF is Container Security

The tl;dr is that container security is our software supply-chain security.

The l;r is that container security is the practice of ensuring that we are:

How to use this Guide

This guide will be split into the specific domains of container security:

Each recommendation includes implementation steps for both plain Docker deployments and Kubernetes deployments.

It’s recommended that you audit your adherence to all of the requirements listed and then work through the gaps systematically. Or just free-wheel it; different strokes, I guess…