Container Security
1. Introduction to Container Security
2. Securing the Build Phase
3. Securing the Ship Phase
4. Securing the Run Phase
5. Advanced Security Topics
Securing the Build Phase
  Container Supply Chain Overview
    Supply Chain Components
    Supply Chain Attack Vectors
    Trust Boundaries in the Supply Chain
    Supply Chain Risk Assessment
  Base Image Security
    Selecting Trusted Base Images
      Official Image Verification
      Image Source Validation
      Publisher Reputation Assessment
      Image Provenance Tracking
    Minimalist Base Images
      Distroless Images
        Google Distroless Images
        Building Custom Distroless Images
        Benefits and Limitations
      Alpine Linux
        Alpine Security Features
        Package Management in Alpine
        Size and Performance Benefits
      Scratch Images
        Use Cases for Scratch Images
        Static Binary Deployment
    Base Image Hardening
      Removing Unnecessary Packages
      Disabling Unused Services
      Updating System Packages
      Configuring Secure Defaults
    Base Image Vulnerability Management
      Automated Vulnerability Scanning
      Vulnerability Assessment Tools
      Scan Result Interpretation
      Remediation Strategies
  Dockerfile Security Best Practices
    User and Permission Management
      Creating Non-root Users
      Setting User Context in Dockerfile
      Managing User IDs and Group IDs
      File Ownership and Permissions
    Secret Management in Builds
      Avoiding Hardcoded Secrets
      Environment Variable Security
      Build Argument Limitations
      Secret Injection Techniques
    Multi-stage Build Security
      Reducing Final Image Size
      Removing Build Dependencies
      Separating Build and Runtime Environments
      Artifact Management
    Dockerfile Instruction Security
      COPY vs ADD Security Implications
      RUN Instruction Best Practices
      EXPOSE Port Management
      WORKDIR Security Considerations
    Health Check Implementation
      Defining Effective Health Checks
      Health Check Security Implications
      Monitoring Container Health
    Attack Surface Reduction
      Minimizing Image Layers
      Removing Development Tools
      Disabling Unnecessary Network Services
      File System Optimization
  Static Analysis and Vulnerability Assessment
    Image Vulnerability Scanning
      CVE Database Integration
      Automated Scanning Workflows
      Continuous Vulnerability Monitoring
      False Positive Management
    Operating System Package Scanning
      Package Manager Integration
      Vulnerability Severity Assessment
      Package Update Strategies
      Dependency Conflict Resolution
    Application Dependency Scanning
      Language-specific Scanners
      Third-party Library Assessment
      License Compliance Checking
      Dependency Update Management
    Static Application Security Testing (SAST)
      Code Vulnerability Detection
      Security Rule Configuration
      CI/CD Pipeline Integration
      Result Triage and Remediation
    Infrastructure as Code Scanning
      Dockerfile Security Analysis
      Kubernetes Manifest Scanning
      Configuration Drift Detection
      Policy Compliance Checking
  Software Bill of Materials (SBOM)
    SBOM Generation
      SBOM Creation Tools
      SBOM Format Standards
        SPDX Format
        CycloneDX Format
        SWID Tags
      Automated SBOM Generation
    SBOM Management
      SBOM Storage and Distribution
      Version Control Integration
      SBOM Validation
      SBOM Signing and Verification
    Vulnerability Management with SBOMs
      Dependency Tracking
      Vulnerability Impact Assessment
      Patch Management Planning
      Incident Response Support
  Build-time Secret Management
    Secret Classification
      Build-time vs Runtime Secrets
      Secret Sensitivity Levels
      Secret Lifecycle Management
    Secure Secret Injection
      Docker BuildKit Secrets
      Multi-stage Build Secrets
      External Secret Management Integration
      Secret Rotation Strategies
    Secret Detection and Prevention
      Secret Scanning Tools
      Pre-commit Hooks
      CI/CD Secret Detection
      Secret Remediation Procedures