GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2024-11-01 08:31:44 +01:00
Code Issues Projects Releases Packages Wiki Activity

Add remediation stuff on security operations

Browse source
This commit is contained in:
Razvan Stoica 2021-03-18 10:30:30 +02:00
parent c05c58674a
commit 25de0bd826
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
tests/6_docker_security_operations.sh
View file

@ -12,6 +12,8 @@ check_6() {
check_6_1() {
local id="6.1"
local desc="Ensure that image sprawl is avoided (Not Scored)"
local remediation="You should keep only the images that you actually need and establish a workflow to remove old or stale images from the host. Additionally, you should use features such as pull-by-digest to get specific images from the registry."
local remediationImpact="docker system prune -a removes all exited containers as well as all images and volumes that are not referenced by running containers, including for UCP and DTR."
local check="$id - $desc"
starttestjson "$id" "$desc"
@ -36,6 +38,8 @@ check_6_1() {
check_6_2() {
local id="6.2"
local desc="Ensure that container sprawl is avoided (Not Scored)"
local remediation="You should periodically check your container inventory on each host and clean up containers which are not in active use with the command: docker container prune"
local remediationImpact="You should retain containers that are actively in use, and delete ones which are no longer needed."
local check="$id - $desc"
starttestjson "$id" "$desc"