GuillaumeHemmen/docker-bench-security
1
0
Fork 0
mirror of https://github.com/docker/docker-bench-security.git synced 2025-01-18 16:22:33 +01:00
Code Issues Projects Releases Packages Wiki Activity

Update README.md

Browse source 
Extended my two edits to specify that they only apply if running in a container.
This commit is contained in:
Jo Cook 2021-02-23 17:25:12 +00:00 committed by GitHub
parent cf7c50bf33
commit 3732a475cb
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
README.md
View file

@ -83,7 +83,7 @@ version 1.13.0 or later.
```sh
-b optional Do not print colors
-h optional Print this help message
-l FILE optional Log output in FILE inside docker bench container
-l FILE optional Log output in FILE, inside container if run using docker
-c CHECK optional Comma delimited list of specific check(s)
-e CHECK optional Comma delimited list of specific check(s) to exclude
-i INCLUDE optional Comma delimited list of patterns within a container or image name to check
@ -91,8 +91,11 @@ version 1.13.0 or later.
```
By default the Docker Bench for Security script will run all available CIS tests
and produce logs in the current directory inside the container, named `docker-bench-security.sh.log.json`
and produce logs in the current directory, named `docker-bench-security.sh.log.json`
and `docker-bench-security.sh.log`.
If the docker container is used then the log files will be created inside the container. If you wish to access them from the host after the container has been run you will need to mount a volume for storing them in.
The CIS based checks are named `check_<section>_<number>`, e.g. `check_2_6`
and community contributed checks are named `check_c_<number>`.
A complete list of checks is present in [functions_lib.sh](functions_lib.sh).