Awesome

A collection of resources about container security

Check out the folders here:

• Publications
• Talks

For Kubernetes related resources check my other repo

Tools

• Checking the containment level
• dockerscan - modify and inject content into images
• Unpack a Docker image
• Clair, a SCA-type tmage scanner
• Google's tool for analyzing and comparing container images
• Docker registry CLI tool
• Dadga - static analysis on images and checking with Falco at runtime
• Docker-bench - configuration analysis against CIS Docker benchmark
• Dockle- dockerfile linter and scanner

Guides, tutorials and trainings

• OWASP 2019 Container security training
• Vulhub - Intentionally vulnerable docker environments
• Adidas training
• Docker hardening
• Docker secure deployment guides
• OWASP's docker security
• Building containers, best practices
• Docker security workshop
• Another Docker security workshop

Concepts

• Containers withouth docker
• Capabilities
• Contained.af
• Running docker daemon without giving it root privileges

Live training and demos

• Katacoda
• Docker labs

Container escapes

• Understanding Docker container escapes
• A Compendium of Container Escapes

Standards and recommendations

• CIS Benchmark
• Docker bench for security - CIS Benchmark checker

Windows

• Good intro presentation to docker and docker on windows - https://stefanscherer.github.io/windows-docker-workshop/#1 (includes some workarounds like mounting drive to help in real-path resolution for mapped volumes)
• Docker on windows - Microsoft docs - https://docs.microsoft.com/en-us/virtualization/windowscontainers/manage-docker/configure-docker-daemon
• MS Containers documentation https://docs.microsoft.com/en-us/virtualization/windowscontainers/index
• Windows docker tutorials - https://github.com/docker/labs/tree/master/windows
• Nano server - https://docs.microsoft.com/en-us/windows-server/get-started/getting-started-with-nano-server
• Docker compose on windows https://github.com/docker/labs/blob/master/windows/windows-containers/MultiContainerApp.md
• How docker for windows runs Linux containers - https://docs.microsoft.com/en-us/virtualization/windowscontainers/deploy-containers/linux-containers
• Hyper-V considerations -https://blog.docker.com/2016/10/considerations-running-docker-windows-server-2016-hyper-v-vms/
• Docker GUI - http://wiki.ros.org/docker/Tutorials/GUI
• Installing WSL and docker - https://raesene.github.io/blog/2018/03/29/WSL-And-Docker/

Docker registry

• how docker registry authorization is done - https://medium.com/@maanadev/authorization-for-private-docker-registry-d1f6bf74552f

Monitoring

• monitoring containers - https://katacoda.com/sysdig/scenarios/sysdig-container-visibility
• monitoring with sysdig - https://www.katacoda.com/courses/docker-security/sysdig-falco