Docker is a great technology that allows developers to build and deploy the infrastructure of an application in one source code image, but security is one of the biggest challenges. In this talk, we present best practices and lessons learned from security reviews of Docker image deployments.
These could be the main talking points:
1- Introduction to the Docker security ecosystem, examining the main parts of a Docker application.
2- Tools for auditing Docker images to detect vulnerabilities, such as docker-bench-security and Lynis.
The goal of these tools is to detect potential vulnerabilities in Docker images/containers and to monitor running Docker containers for anomalous activity.
3- Other tools for testing the security of a Docker container.
We can use tools such as Jenkins/TravisCI for automated testing, and Coveralls to ensure all lines of code inside the Docker image are tested.
4- Security best practices around deploying Docker containers in production.