CIS Docker Benchmark
Profile Applicability: Level 2 Description: Removing setuid and setgid permissions in Docker images can help prevent privilege escalation attacks wi...
Tue, 29 Apr, 2025 at 8:42 PM
Profile Applicability: Level 1 Description: You should use the COPY instruction instead of the ADD instruction in the Dockerfile. Rationale: The...
Tue, 29 Apr, 2025 at 8:51 PM
Profile Applicability: Level 1 Description: Secrets, such as API keys, passwords, and sensitive data, should not be stored in Dockerfiles. Rationa...
Tue, 29 Apr, 2025 at 9:05 PM
Profile Applicability: Level 2 Description: Verify the authenticity of packages before installing them into images. Rationale: Installing package...
Tue, 29 Apr, 2025 at 9:11 PM
Profile Applicability: Level 1 Description: Docker stores container data by default under /var/lib/docker. To prevent issues such as disk space exha...
Tue, 29 Apr, 2025 at 9:19 PM
Profile Applicability: Level 1 Description: Swarm mode should only be enabled on Docker engine instances when needed. Enabling swarm mode opens mul...
Tue, 29 Apr, 2025 at 9:38 PM
Profile Applicability: Level 2 Description: SELinux is a security feature available on some Linux distributions, such as Red Hat and Fedora. It add...
Tue, 29 Apr, 2025 at 11:04 PM
Profile Applicability: Level 1 Description: Containers should have appropriate CPU priorities set to ensure that critical containers get sufficient ...
Tue, 29 Apr, 2025 at 11:13 PM
Profile Applicability: Level 1 Description: By default, Docker starts containers with a restricted set of Linux kernel capabilities. Docker suppor...
Tue, 29 Apr, 2025 at 11:16 PM
Profile Applicability: Level 1 Description: The root filesystem for a container should be mounted as read-only. This ensures that no files can be mo...
Tue, 29 Apr, 2025 at 11:18 PM