2015-06-12 01:26:49 +02:00
|
|
|
# Contributing to Docker Bench for Security
|
|
|
|
|
|
|
|
|
|
Want to hack on Docker Bench? Awesome! Here are instructions to get you
|
|
|
|
|
started.
|
|
|
|
|
|
2017-01-26 14:53:47 +01:00
|
|
|
The Docker Bench for Security is a part of the [Docker](https://www.docker.com)
|
|
|
|
|
project, and follows the same rules and principles. If you're already familiar
|
|
|
|
|
with the way Docker does things, you'll feel right at home.
|
2015-06-12 01:26:49 +02:00
|
|
|
|
|
|
|
|
Otherwise, go read
|
2021-05-25 20:43:33 +02:00
|
|
|
[Contribute to the Moby Project](https://github.com/moby/moby/blob/master/CONTRIBUTING.md).
|
2015-06-12 01:26:49 +02:00
|
|
|
|
2017-01-26 14:53:47 +01:00
|
|
|
## Development Environment Setup
|
2015-06-12 01:26:49 +02:00
|
|
|
|
2017-01-26 14:53:47 +01:00
|
|
|
### Start hacking
|
2015-06-12 01:26:49 +02:00
|
|
|
|
|
|
|
|
You can build the container that wraps the docker-bench for security:
|
2017-01-26 14:53:47 +01:00
|
|
|
|
2015-06-12 01:26:49 +02:00
|
|
|
```sh
|
2017-07-07 12:02:15 +02:00
|
|
|
git clone git@github.com:docker/docker-bench-security.git
|
|
|
|
|
cd docker-bench-security
|
|
|
|
|
docker build -t docker-bench-security .
|
2015-06-12 01:26:49 +02:00
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Or you can simply run the shell script locally:
|
|
|
|
|
|
|
|
|
|
```sh
|
2017-07-07 12:02:15 +02:00
|
|
|
git clone git@github.com:docker/docker-bench-security.git
|
|
|
|
|
cd docker-bench-security
|
2017-07-07 12:03:40 +02:00
|
|
|
sudo sh docker-bench-security.sh
|
2015-06-12 01:26:49 +02:00
|
|
|
```
|
|
|
|
|
|
2017-01-26 14:53:47 +01:00
|
|
|
The Docker Bench has the main script called `docker-bench-security.sh`.
|
|
|
|
|
This is the main script that checks for all the dependencies, deals with
|
|
|
|
|
command line arguments and loads all the tests.
|
2015-06-12 01:26:49 +02:00
|
|
|
|
2017-07-07 11:46:49 +02:00
|
|
|
The tests are split into the following files:
|
2015-06-12 01:26:49 +02:00
|
|
|
|
|
|
|
|
```sh
|
2015-06-21 22:07:07 +02:00
|
|
|
tests/
|
2015-06-12 01:26:49 +02:00
|
|
|
├── 1_host_configuration.sh
|
|
|
|
|
├── 2_docker_daemon_configuration.sh
|
|
|
|
|
├── 3_docker_daemon_configuration_files.sh
|
|
|
|
|
├── 4_container_images.sh
|
|
|
|
|
├── 5_container_runtime.sh
|
2017-07-07 11:46:49 +02:00
|
|
|
├── 6_docker_security_operations.sh
|
2019-08-28 12:30:34 +02:00
|
|
|
├── 7_docker_swarm_configuration.sh
|
|
|
|
|
├── 8_docker_enterprise_configuration.sh
|
|
|
|
|
└── 99_community_checks.sh
|
2015-06-12 01:26:49 +02:00
|
|
|
```
|
|
|
|
|
|
2017-01-26 14:53:47 +01:00
|
|
|
To modify the Docker Bench for Security you should first clone the repository,
|
2021-05-25 20:43:33 +02:00
|
|
|
make your changes, check your code with `shellcheck`, or similar tools, and
|
|
|
|
|
then sign off on your commits. After that feel free to send us a pull request
|
|
|
|
|
with the changes.
|
2015-06-12 01:26:49 +02:00
|
|
|
|
2019-08-28 12:30:34 +02:00
|
|
|
While this tool was inspired by the [CIS Docker 1.11.0 benchmark](https://www.cisecurity.org/benchmark/docker/)
|
2021-05-25 20:43:33 +02:00
|
|
|
and its successors, feel free to add new tests.
|
