
Docker Security Checklist

29. 09. 2025 1 min read intermediate

Docker containers aren’t automatically secure. Go through this checklist.

Image

  • ☐ Official or verified base image
  • ☐ Pinned tag (not :latest)
  • ☐ Multi-stage build (minimal final image)
  • ☐ Image scanning (Trivy, Snyk)
  • ☐ No secrets in image layers

Runtime

  • ☐ Non-root user
  • ☐ Read-only filesystem where possible
  • ☐ Drop all capabilities, add only needed ones
  • ☐ Seccomp/AppArmor profile
  • ☐ Resource limits (memory, CPU)
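
An added example, not part of the original article: a Python check of the Runtime items above against `docker inspect` JSON. The two sample containers and their names are constructed; the field names are those found in `docker inspect` output.

```python
import json

# Constructed sample shaped like `docker inspect <container>` output (not from a real host).
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/web-weak",
   "Config": {"User": ""},
   "HostConfig": {"ReadonlyRootfs": false, "CapDrop": null, "CapAdd": ["SYS_ADMIN"],
                  "SecurityOpt": ["seccomp=unconfined"], "Memory": 0, "NanoCpus": 0,
                  "CpuQuota": 0, "Privileged": false}},
  {"Name": "/web-hardened",
   "Config": {"User": "10001:10001"},
   "HostConfig": {"ReadonlyRootfs": true, "CapDrop": ["ALL"], "CapAdd": ["NET_BIND_SERVICE"],
                  "SecurityOpt": ["no-new-privileges:true"], "Memory": 268435456,
                  "NanoCpus": 500000000, "CpuQuota": 0, "Privileged": false}}
]
""")

def audit_runtime(container):
    """Return the Runtime checklist items this container fails."""
    cfg = container.get("Config") or {}
    host = container.get("HostConfig") or {}
    findings = []
    user = (cfg.get("User") or "").split(":")[0]  # "uid:gid" -> uid; empty means root
    if user in ("", "0", "root"):
        findings.append("non-root user")
    if not host.get("ReadonlyRootfs"):
        findings.append("read-only filesystem")
    # Privileged mode grants every capability regardless of CapDrop.
    dropped = {c.upper() for c in (host.get("CapDrop") or [])}
    if host.get("Privileged") or "ALL" not in dropped:
        findings.append("drop all capabilities")
    # With no option set, Docker applies its default profiles where the host
    # supports them; an explicit "unconfined" (or privileged mode) turns them off.
    opts = [o.lower().replace(":", "=") for o in (host.get("SecurityOpt") or [])]
    if host.get("Privileged") or any(o in ("seccomp=unconfined", "apparmor=unconfined") for o in opts):
        findings.append("seccomp/apparmor profile")
    if not host.get("Memory"):
        findings.append("memory limit")
    if not (host.get("NanoCpus") or host.get("CpuQuota")):
        findings.append("cpu limit")
    return findings

def audit_all(containers):
    return {c["Name"].lstrip("/"): audit_runtime(c) for c in containers}

if __name__ == "__main__":
    for name, failed in audit_all(SAMPLE_INSPECT).items():
        print(name, "FAIL: " + ", ".join(failed) if failed else "OK")
```

To run it against a live host, replace the sample with the parsed output of `docker inspect` for the containers you want to review.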

Network

  • ☐ Minimal exposed ports
  • ☐ Custom network (not default bridge)
  • ☐ TLS for inter-container communication

Host

  • ☐ Docker daemon without TCP (socket only)
  • ☐ User namespace remapping
  • ☐ Current Docker version
  • ☐ Log rotation configured

Tool

Run Docker Bench for Security (github.com/docker/docker-bench-security) for an automated audit.


CORE SYSTEMS team

We build core systems and AI agents that keep operations running. 15 years of experience with enterprise IT.