
Container Security — Trivy, Falco

27. 01. 2025 | Updated: 27. 03. 2026 | 1 min read | intermediate

Containers are not magically secure. Vulnerable base images, processes running as root and secrets passed in environment variables are the most common mistakes.

Image scanning


```bash
# Scan a locally built image for known vulnerabilities
trivy image myapp:latest

# Report only HIGH and CRITICAL findings (the `--severity` flag takes a comma-separated list)
trivy image --severity HIGH,CRITICAL nginx:latest
```
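To turn a scan into a build gate, save the report with `trivy image --format json -o report.json myapp:latest` and evaluate it in the pipeline. The following is an added example, not code from the original post: it parses a constructed report in Trivy's JSON layout (the vulnerability IDs are placeholders, not real CVEs), fails on HIGH/CRITICAL like `--severity HIGH,CRITICAL --exit-code 1` would, and additionally lists the blocking findings that already have a fixed version, since those are usually resolved by rebuilding on a newer base image.

```python
import json
from collections import Counter

# Constructed sample in Trivy's JSON report layout (not real scan output;
# the vulnerability IDs are placeholders, not real CVEs).
SAMPLE_REPORT = json.dumps({"ArtifactName": "myapp:latest", "Results": [
    {"Target": "myapp:latest (alpine 3.19.1)", "Class": "os-pkgs", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0001", "PkgName": "openssl", "Severity": "CRITICAL",
         "InstalledVersion": "3.1.4-r0", "FixedVersion": "3.1.4-r1"},
        {"VulnerabilityID": "CVE-0000-0002", "PkgName": "busybox", "Severity": "MEDIUM",
         "InstalledVersion": "1.36.1-r0", "FixedVersion": ""},
    ]},
    {"Target": "app/package-lock.json", "Class": "lang-pkgs", "Vulnerabilities": [
        {"VulnerabilityID": "CVE-0000-0003", "PkgName": "express", "Severity": "HIGH",
         "InstalledVersion": "4.17.1", "FixedVersion": "4.19.2"},
    ]},
    # A clean target carries no "Vulnerabilities" key at all.
    {"Target": "usr/local/bin/app", "Class": "lang-pkgs"},
]})

FAIL_ON = {"HIGH", "CRITICAL"}


def findings(report_json):
    """Flatten a Trivy report into (target, id, pkg, installed, fixed, severity) tuples."""
    report = json.loads(report_json)
    for result in report.get("Results") or []:
        for v in result.get("Vulnerabilities") or []:  # key is absent for clean targets
            yield (result["Target"], v["VulnerabilityID"], v["PkgName"],
                   v["InstalledVersion"], v.get("FixedVersion") or "", v["Severity"])


def gate(report_json, fail_on=FAIL_ON):
    """Return (passed, per-severity counts, blocking findings that already have a fix)."""
    counts, blocking, fixable = Counter(), [], []
    for f in findings(report_json):
        counts[f[5]] += 1
        if f[5] in fail_on:
            blocking.append(f)
            if f[4]:  # a FixedVersion exists: bump the package or the base image
                fixable.append(f)
    return not blocking, dict(counts), fixable


if __name__ == "__main__":
    ok, counts, fixable = gate(SAMPLE_REPORT)
    for target, vid, pkg, inst, fixed, sev in fixable:
        print(f"{sev:8} {vid} {pkg} {inst} -> {fixed} ({target})")
    raise SystemExit(0 if ok else 1)  # non-zero exit fails the CI job
```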

Secure Dockerfile

```dockerfile
# Stage 1: install dependencies on a full image that has npm
FROM node:20-alpine AS build
WORKDIR /app
COPY package*.json ./
# Production dependencies only (newer npm spells this --omit=dev; --only=production still works but is deprecated)
RUN npm ci --only=production
# Copy the application source; without this step /app/server.js would not exist in the final image
COPY . .

# Stage 2: minimal runtime image with no shell or package manager
FROM gcr.io/distroless/nodejs20
COPY --from=build /app /app
# Distroless ships a dedicated unprivileged user
USER nonroot
EXPOSE 3000
# The distroless node image uses `node` as its entrypoint, so CMD is just the script path
CMD ["app/server.js"]
```

Runtime security — Falco

Falco rule — detect shell in container

```yaml
# The `container` macro comes from Falco's default ruleset (container.id != host);
# load this file alongside it or define the macro yourself.
- rule: Shell in container
  desc: An interactive shell was started inside a container
  condition: container and proc.name in (bash, sh, zsh)
  output: "Shell started in container (user=%user.name container=%container.name)"
  priority: WARNING
```

Key Takeaway

Use distroless or alpine base images, a non-root user and multi-stage builds. Scan images before they are deployed and monitor the runtime for unexpected behaviour.


CORE SYSTEMS team