Head First DevSecOps

Security best practices

  • Execution with non-root user
  • Start containers in read-only mode
  • Disable the setuid and setgid permissions
  • Verifying images with Docker Content Trust
  • Resource limitation
  • Disabling the ping command in a container
  • AppArmor lets you regulate the permissions and filesystem access of containers
  • SELinux provides a system of rules that lets you implement access controls on kernel resources
  • Secure Computing Mode (Seccomp) monitors kernel system calls
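
One way to check a running container against the items above is to audit its `docker inspect` output. The script below is an added example, not code from the original page; the sample JSON is constructed, and the mapping of "setuid/setgid" and "ping" to the SETUID, SETGID and NET_RAW capabilities is an assumption about how those items are applied. Docker Content Trust is a client-side setting and does not appear in inspect output, so it is not covered.

```python
import json

# Constructed sample in the shape of one `docker inspect` entry (not real output).
SAMPLE = json.loads("""
{"Name": "/web", "AppArmorProfile": "docker-default",
 "Config": {"User": ""},
 "HostConfig": {"ReadonlyRootfs": false, "Memory": 0, "NanoCpus": 0, "CpuQuota": 0,
                "CapDrop": ["CAP_SETUID"], "CapAdd": null,
                "SecurityOpt": ["seccomp=unconfined"]}}
""")

def _caps(values):
    # Docker accepts "SETUID" and "CAP_SETUID"; normalise to the short form.
    names = (v.upper() for v in (values or []))
    return {n[4:] if n.startswith("CAP_") else n for n in names}

def audit(container):
    """Return the checklist items that this container's settings do not meet."""
    cfg = container.get("Config") or {}
    host = container.get("HostConfig") or {}
    findings = []
    # Config.User may be "name", "uid" or "uid:gid"; empty means no user was set (root).
    if (cfg.get("User") or "").split(":")[0] in ("", "0", "root"):
        findings.append("runs as root")
    if not host.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")
    dropped, added = _caps(host.get("CapDrop")), _caps(host.get("CapAdd"))
    for cap, label in (("SETUID", "setuid"), ("SETGID", "setgid"), ("NET_RAW", "ping (NET_RAW)")):
        # A capability counts as dropped only if it was removed and not added back.
        if {cap, "ALL"} & added or not ({cap, "ALL"} & dropped):
            findings.append(f"{label} capability not dropped")
    if not host.get("Memory"):
        findings.append("no memory limit")
    if not (host.get("NanoCpus") or host.get("CpuQuota")):
        findings.append("no CPU limit")
    # Older Docker releases wrote security options as "key:value".
    opts = {o.replace(":", "=", 1) for o in (host.get("SecurityOpt") or [])}
    if "seccomp=unconfined" in opts:
        findings.append("seccomp disabled")
    if "apparmor=unconfined" in opts or container.get("AppArmorProfile") == "unconfined":
        findings.append("AppArmor disabled")
    if "label=disable" in opts:
        findings.append("SELinux labeling disabled")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FAIL:", finding)
```
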

Disclaimer
  1. Licensed under CC BY-NC 4.0
  2. For copyright issues, send feedback to me#imzye.me (replace # with @)
  3. Not all commands and scripts have been tested in a production environment; use at your own risk
  4. No privacy information is collected here