# Contributing to Docker Bench for Security

Want to hack on Docker Bench? Awesome! Here are instructions to get you
started.

The Docker Bench for Security is a part of the [Docker](https://www.docker.com)
project, and follows the same rules and principles. If you're already familiar
with the way Docker does things, you'll feel right at home.

Otherwise, go read
[Docker's contribution guidelines](https://github.com/docker/docker/blob/master/CONTRIBUTING.md).

## Development Environment Setup

The only thing you need to hack on Docker Bench for Security is a POSIX 2004
compliant shell. We try to keep the project compliant for maximum portability.

### Start hacking

You can build the container that wraps Docker Bench for Security:

```sh
git clone git@github.com:docker/docker-bench-security.git
cd docker-bench-security
docker build -t docker-bench-security .
```

Or you can simply run the shell script locally:

```sh
git clone git@github.com:docker/docker-bench-security.git
cd docker-bench-security
sh docker-bench-security.sh
```

The main script of Docker Bench is `docker-bench-security.sh`. It checks for all
the dependencies, handles command line arguments and loads all the tests.

The tests are split into the following files:

```sh
tests/
├── 1_host_configuration.sh
├── 2_docker_daemon_configuration.sh
├── 3_docker_daemon_configuration_files.sh
├── 4_container_images.sh
├── 5_container_runtime.sh
├── 6_docker_security_operations.sh
└── 7_docker_swarm_configuration.sh
```

To modify the Docker Bench for Security you should first clone the repository,
make your changes, check your code with `shellcheck`, `checkbashisms` or similar
tools, and then sign off on your commits. After that feel free to send us a
pull request with the changes.

While this tool was inspired by the [CIS Docker 1.11.0 benchmark](https://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=docker16.110)
and its successors, feel free to add new tests. We will try to turn
[dockerbench.com](https://dockerbench.com) into a list of good community
benchmarks for both security and performance, and we would love community
contributions.
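
The portability requirement above, applied to a new test, as an added example that is not part of the docker-bench-security code base: a file-permission check of the kind that would belong in `tests/3_docker_daemon_configuration_files.sh`, written with POSIX-only constructs (no `local`, `[[ ]]`, arrays or GNU-only `stat -c`). The helper names `mode_of` and `mode_within`, the output labels and the scratch file are assumptions made for the example.

```sh
#!/bin/sh
# Added example; mode_of and mode_within are hypothetical helper names.
# POSIX sh has no `local`, so these helpers assign global variables.

# Print the permission bits of a path as three octal digits (e.g. 644).
# `stat -c %a` is GNU-only and `stat -f` is BSD-only, so the symbolic mode
# is taken from `ls -ld`, whose long format is specified by POSIX.
mode_of() {
  perms=$(LC_ALL=C ls -ld -- "$1" 2>/dev/null |
    sed -n '1s/^.\(.........\).*/\1/p')
  [ -n "$perms" ] || return 1        # missing or unreadable path
  rest=${perms#???}
  octal=
  for bits in "${perms%??????}" "${rest%???}" "${rest#???}"; do
    digit=0
    case $bits in r??) digit=$((digit + 4)) ;; esac
    case $bits in ?w?) digit=$((digit + 2)) ;; esac
    # s and t mean "execute plus setuid/setgid/sticky"; S and T do not.
    case $bits in ??[xst]) digit=$((digit + 1)) ;; esac
    octal=$octal$digit
  done
  printf '%s\n' "$octal"
}

# Succeed when the path has no permission bit outside the allowed mask:
# 600 and 444 fit within 644, while 664 and 755 do not.
# Returns 2 when the mode cannot be read.
mode_within() {
  actual=$(mode_of "$1") || return 2
  [ $(( 0$actual & ~0$2 & 0777 )) -eq 0 ]
}

# Constructed demo: a scratch file stands in for a daemon configuration file.
demo_file="${TMPDIR:-/tmp}/bench-example.$$"
: > "$demo_file" && chmod 664 "$demo_file"
if mode_within "$demo_file" 644; then
  echo "[PASS] $demo_file is 644 or more restrictive"
else
  echo "[WARN] $demo_file has mode $(mode_of "$demo_file"), wider than 644"
fi
rm -f "$demo_file"
```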