blog

Docker is now all the rage in the field of containerization and as a consequence is a target for attack. Although Docker does have some security defaults set right out of the box, those defenses may not be enough to prevent attacks. This article explains how to use Docker Bench for Security to tweak Docker settings in keeping with recognized best practices.

Anchore is a tool that scans Docker images for common vulnerabilities and not so common vulnerabilities if you purchase the paid version. However, the free version is useful and should still be used on your team to avoid the common vulnerabilities.Thankfully, the Anchore team is nice enough to have created an entire shell script to both install the Anchore Database locally and run the Anchore CLI all in one line.

Kops is a popular open source tool that makes it easier to provision and deploy Kubernetes clusters in Cloud Service Providers. However, Kops probably cannot achieve a one-size-fits-all security solution. Use of kops may vary, so you should be aware of default security choices and know how to configure the security to your needs. In this article I'll show you how to run kube-bench against a kops provisioned cluster and how to change the cluster spec to add additional security to the provisioned k8s cluster.