
Security policies for Dockerfile validation #1

@santoshkal

Description

This issue is dedicated to tracking the development of security policies to validate Dockerfiles using Genval. We aim to enhance the security and adherence to best practices when creating Dockerfiles.

Included Policies:

  • Enforcing the use of the Chainguard image as the base image.
  • Denying the use of root or 0 as the UID and GID.
  • Prohibiting the use of sudo in RUN instructions.
  • Enforcing cache invalidation for RUN instructions when updating packages or dependencies using apt, apk, yum, etc.
  • Promoting the use of COPY over ADD instructions.
  • Enforcing multi-stage Dockerfiles.

These policies are a foundational framework for creating secure Dockerfiles that align with industry best practices. However, we recognize that there may be additional policies worth considering. Your input and suggestions are highly encouraged – please share your thoughts and ideas here.
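As an added illustration (not Genval's own policy code, which is not reproduced here), the six policies above expressed as plain Python checks over a parsed Dockerfile. The rule IDs DF001 to DF006, the registry prefix `cgr.dev/chainguard/` used as the marker for a Chainguard base image, and the two embedded sample Dockerfiles are assumptions made for this example; the cache-invalidation rule is implemented for apt and apk only, yum/dnf are left out.

```python
"""Added example: the six Dockerfile policies as plain checks. Not Genval's own
policy code; rule IDs DF001-DF006 and the sample Dockerfiles are assumptions."""
from __future__ import annotations

import json
import re
from dataclasses import dataclass

CHAINGUARD_PREFIX = "cgr.dev/chainguard/"  # assumed marker for a Chainguard base image

FROM_RE = re.compile(r"^(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?\s*$", re.IGNORECASE)
SUDO_RE = re.compile(r"(?:^|[\s;&|(])sudo\b")
APT_UPDATE_RE = re.compile(r"\bapt(?:-get)?\s+(?:-\S+\s+)*update\b")
APT_INSTALL_RE = re.compile(r"\bapt(?:-get)?\s+(?:-\S+\s+)*install\b")
APK_UPDATE_RE = re.compile(r"\bapk\s+(?:-\S+\s+)*update\b")
APK_ADD_RE = re.compile(r"\bapk\s+(?:-\S+\s+)*add\b")


@dataclass
class Instruction:
    line: int     # line where the instruction starts (continuations are joined)
    keyword: str  # upper-cased, e.g. "FROM", "RUN"
    args: str


def parse_dockerfile(text: str) -> list[Instruction]:
    """Minimal parser: joins backslash continuations, drops blank and comment lines."""
    instructions, buf, start = [], [], 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # Docker also strips comment lines inside a continuation
        if not buf:
            start = lineno
        if stripped.endswith("\\"):
            buf.append(stripped[:-1].rstrip())
            continue
        buf.append(stripped)
        keyword, _, args = " ".join(buf).partition(" ")
        instructions.append(Instruction(start, keyword.upper(), args.strip()))
        buf = []
    return instructions


def shell_of(run_args: str) -> str:
    """Command text of a RUN; exec form ["sh", "-c", "..."] is flattened to one string."""
    if run_args.startswith("["):
        try:
            return " ".join(json.loads(run_args))
        except (json.JSONDecodeError, TypeError):
            pass
    return run_args


def is_root(user_spec: str) -> bool:
    """True when either the user or the group part of USER is root / 0."""
    user, _, group = user_spec.partition(":")
    return user in ("root", "0") or group in ("root", "0")


def lint_dockerfile(text: str) -> list[tuple[str, int, str]]:
    """Evaluate all six policies; returns (rule_id, line, message) tuples."""
    findings, stages, from_count = [], set(), 0
    for ins in parse_dockerfile(text):
        kw, args, ln = ins.keyword, ins.args, ins.line
        if kw == "FROM":
            from_count += 1
            m = FROM_RE.match(args)
            image, alias = (m.group(1), m.group(2)) if m else (args, None)
            # referencing an earlier stage by alias or index is not a base-image pull
            if not (image in stages or image.isdigit() or image.startswith(CHAINGUARD_PREFIX)):
                findings.append(("DF001", ln, f"base image {image!r} is not a Chainguard image"))
            if alias:
                stages.add(alias)
        elif kw == "USER" and is_root(args):
            findings.append(("DF002", ln, f"USER {args!r} runs as root (UID or GID 0)"))
        elif kw == "ADD":
            findings.append(("DF005", ln, "ADD used; prefer COPY (ADD also fetches URLs and unpacks archives)"))
        elif kw == "RUN":
            cmd = shell_of(args)
            if SUDO_RE.search(cmd):
                findings.append(("DF003", ln, "sudo used in RUN instruction"))
            upd, inst = APT_UPDATE_RE.search(cmd), APT_INSTALL_RE.search(cmd)
            if inst and not upd:
                findings.append(("DF004", ln, "apt install without apt update in the same RUN (cached, possibly stale index)"))
            elif upd and not inst:
                findings.append(("DF004", ln, "apt update in its own layer; Docker caches it and later installs reuse the old index"))
            if APK_ADD_RE.search(cmd) and "--no-cache" not in cmd and not APK_UPDATE_RE.search(cmd):
                findings.append(("DF004", ln, "apk add without --no-cache or apk update in the same RUN"))
    if from_count < 2:
        findings.append(("DF006", 0, "single-stage build; use a multi-stage Dockerfile"))
    return findings


# Constructed samples (not from the issue): one breaks every policy, one passes all of them.
BAD_DOCKERFILE = """\
FROM ubuntu:22.04
RUN apt-get update
RUN sudo apt-get install -y curl
ADD app.tar.gz /opt/app
USER root
"""

GOOD_DOCKERFILE = """\
FROM cgr.dev/chainguard/go:latest-dev AS build
WORKDIR /src
COPY . .
RUN go build -o /out/app ./cmd/app

FROM cgr.dev/chainguard/static:latest
COPY --from=build /out/app /app
USER 65532:65532
ENTRYPOINT ["/app"]
"""
```

`lint_dockerfile(BAD_DOCKERFILE)` reports all seven findings (DF004 twice: the standalone `apt-get update` layer and the later `install` without an `update` beside it), while `GOOD_DOCKERFILE` comes back empty. Two deliberate limits worth knowing: DF002 only flags an explicit root or 0 in USER and says nothing when USER is absent, and DF001 trusts the registry prefix alone, so pinning by digest or verifying the image signature is a separate control.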

Labels: enhancement (New feature or request), help wanted (Extra attention is needed)