How to build a secure Docker image? The main goal of this article is to be a comprehensive guide to building and delivering secure and safe container images.
That said, we try to focus on build time. We will not cover registry, orchestrator and runtime protection in this write-up. Each of these topics is broad enough to deserve a separate article.
Compliance, standards and order are the keys to organizing and maintaining a relatively secure environment. Every organization's environment, threats and malicious actors are different. Our intention is to present a mindset for container image security; some terms might be very general, others very specific to a particular project and its processes. For that reason, the following points will cover some terms that might not be related to your specific environment, dear Reader; we still hope you will find this guidance useful.