Security policies for Dockerfile validation #22

Open
santoshkal opened this issue Feb 2, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@santoshkal
Copy link
Collaborator

This issue is dedicated to tracking the development of security policies specifically designed for validating Dockerfiles using Genval. We aim to enhance the security and adherence to best practices when creating Dockerfiles.

Included Policies:

  • Enforcing the use of the Chainguard image as the base image.
  • Denying the use of root or 0 as the UID and GID.
  • Prohibiting the use of sudo in RUN instructions.
  • Enforcing cache invalidation for RUN instructions when updating packages or dependencies using apt, apk, yum, etc.
  • Promoting the use of COPY over ADD instructions.
  • Enforcing multistage Dockerfiles.

These policies are a foundational framework for creating secure Dockerfiles that align with industry best practices. However, we recognize that there may be additional policies worth considering. Your input and suggestions are highly encouraged – please share your thoughts and ideas here.
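As an added illustration that is not part of Genval or of this issue, the following Python checker implements the six listed policies over a Dockerfile. It assumes Chainguard images are identified by the `cgr.dev/chainguard/` registry prefix, and it treats a missing USER instruction as running as root (Docker's default); both samples are constructed.

```python
import re

CHAINGUARD = "cgr.dev/chainguard/"  # assumed registry prefix for Chainguard images
PKG_INSTALL = re.compile(r"\b(apt-get|apt|yum|dnf)\s+install\b|\bapk\s+add\b")
PKG_REFRESH = re.compile(r"\b(apt-get|apt|yum|dnf|apk)\s+(update|makecache)\b|--no-cache\b")

def parse(dockerfile):
    # Yield (INSTRUCTION, argument) pairs; backslash line continuations are joined first.
    for line in re.sub(r"\\\r?\n", " ", dockerfile).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            yield parts[0].upper(), parts[1] if len(parts) > 1 else ""

def check(dockerfile):
    """Return a list of policy violations; an empty list means all six policies pass."""
    ins = list(parse(dockerfile))
    v = []
    froms = [a for i, a in ins if i == "FROM"]
    stages = {m.group(1) for a in froms for m in [re.search(r"\bAS\s+(\S+)", a, re.I)] if m}
    for a in froms:
        image = next(t for t in a.split() if not t.startswith("--"))  # skip --platform=...
        if image not in stages and not image.startswith(CHAINGUARD):
            v.append(f"base image is not a Chainguard image: {image}")
    if len(froms) < 2:
        v.append("not a multistage build (single FROM)")
    users = [a for i, a in ins if i == "USER"]
    # No USER instruction means the container runs as root, so it is reported as well.
    if not users or any(p in ("root", "0") for p in re.split(r"[:\s]+", users[-1].strip())):
        v.append("container runs as root (UID/GID root or 0)")
    for i, a in ins:
        if i == "ADD":
            v.append(f"ADD used, prefer COPY: {a}")
        elif i == "RUN":
            if re.search(r"\bsudo\b", a):
                v.append(f"sudo in RUN: {a}")
            if PKG_INSTALL.search(a) and not PKG_REFRESH.search(a):
                v.append(f"package install without index refresh in the same layer: {a}")
    return v

# Constructed sample that breaks every listed policy (six violations).
BAD = "FROM ubuntu:22.04\nRUN apt-get install -y curl\nADD app.tar.gz /app\nRUN sudo chmod +x /app/run.sh\nUSER 0\n"

# Constructed compliant multistage build on Chainguard images (no violations).
GOOD = ("FROM cgr.dev/chainguard/go:latest AS build\nCOPY . /src\nRUN cd /src && go build -o /out/app .\n"
        "FROM cgr.dev/chainguard/static:latest\nCOPY --from=build /out/app /app\nUSER 65532:65532\n")
```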

@santoshkal santoshkal added the enhancement New feature or request label Feb 2, 2024
Projects
Status: Backlog