mirror of
https://github.com/docker/docker-bench-security.git
synced 2025-01-19 00:32:34 +01:00
Merge pull request #211 from konstruktoid/documentation
md lint and use labels
commit
c36649362b
2 changed files with 29 additions and 16 deletions
|
@ -3,20 +3,22 @@
|
||||||
Want to hack on Docker Bench? Awesome! Here are instructions to get you
|
Want to hack on Docker Bench? Awesome! Here are instructions to get you
|
||||||
started.
|
started.
|
||||||
|
|
||||||
The Docker Bench for Security is a part of the [Docker](https://www.docker.com) project, and follows
|
The Docker Bench for Security is a part of the [Docker](https://www.docker.com)
|
||||||
the same rules and principles. If you're already familiar with the way
|
project, and follows the same rules and principles. If you're already familiar
|
||||||
Docker does things, you'll feel right at home.
|
with the way Docker does things, you'll feel right at home.
|
||||||
|
|
||||||
Otherwise, go read
|
Otherwise, go read
|
||||||
[Docker's contributions guidelines](https://github.com/docker/docker/blob/master/CONTRIBUTING.md).
|
[Docker's contributions guidelines](https://github.com/docker/docker/blob/master/CONTRIBUTING.md).
|
||||||
|
|
||||||
### Development Environment Setup
|
## Development Environment Setup
|
||||||
|
|
||||||
The only thing you need to hack on Docker Bench for Security is a POSIX 2004 compliant shell. We try to keep the project compliant for maximum portability
|
The only thing you need to hack on Docker Bench for Security is a POSIX 2004
|
||||||
|
compliant shell. We try to keep the project compliant for maximum portability.
|
||||||
|
|
||||||
#### Start hacking
|
### Start hacking
|
||||||
|
|
||||||
You can build the container that wraps the docker-bench for security:
|
You can build the container that wraps the docker-bench for security:
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
✗ git clone git@github.com:docker/docker-bench-security.git
|
✗ git clone git@github.com:docker/docker-bench-security.git
|
||||||
✗ cd docker-bench-security
|
✗ cd docker-bench-security
|
||||||
|
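Review bot: In the `sh` fence under "Start hacking", the `git clone` and `cd` lines keep the `✗` prompt glyph, so the commands cannot be pasted into a shell as written; since this is a markdown lint pass, consider dropping the prompt characters from the fenced commands. Separately, `### Development Environment Setup` becomes `##` and `#### Start hacking` becomes `###`, so please confirm the file has a single top-level heading above them, which is not visible in this hunk.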
@ -31,7 +33,9 @@ Or you can simply run the shell script locally:
|
||||||
✗ sh docker-bench-security.sh
|
✗ sh docker-bench-security.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
The Docker Bench has the main script called `docker-bench-security.sh`. This is the main script that checks for all the dependencies, deals with command line arguments and loads all the tests.
|
The Docker Bench has the main script called `docker-bench-security.sh`.
|
||||||
|
This is the main script that checks for all the dependencies, deals with
|
||||||
|
command line arguments and loads all the tests.
|
||||||
|
|
||||||
The tests are split in 6 different files:
|
The tests are split in 6 different files:
|
||||||
|
|
||||||
|
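Review bot: The re-wrapped paragraph still repeats itself ("has the main script called `docker-bench-security.sh`. This is the main script that checks ..."); since these lines are being rewritten anyway, fold them into one sentence, for example "`docker-bench-security.sh` is the main script: it checks for all the dependencies, deals with command line arguments and loads all the tests." The change here is otherwise only line wrapping.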
@ -46,6 +50,12 @@ tests/
|
||||||
└── 6_docker_security_operations.sh
|
└── 6_docker_security_operations.sh
|
||||||
```
|
```
|
||||||
|
|
||||||
To modify the Docker Bench for Security you should first clone the repository, make your changes, check your code with `shellcheck`, `checkbashisms` or similar tools, and then sign off on your commits. After that feel free to send us a pull-request with the changes.
|
To modify the Docker Bench for Security you should first clone the repository,
|
||||||
|
make your changes, check your code with `shellcheck`, `checkbashisms` or similar
|
||||||
|
tools, and then sign off on your commits. After that feel free to send us a
|
||||||
|
pull request with the changes.
|
||||||
|
|
||||||
While this tool is inspired by the [CIS Docker 1.11.0 benchmark](https://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=docker16.110), feel free to add new tests. We will try to turn dockerbench.com into a list of good community benchmarks for both security and performance, and we would love community contributions.
|
While this tool was inspired by the [CIS Docker 1.11.0 benchmark](https://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=docker16.110),
|
||||||
|
feel free to add new tests. We will try to turn [dockerbench.com](https://dockerbench.com)
|
||||||
|
into a list of good community benchmarks for both security and performance,
|
||||||
|
and we would love community contributions.
|
||||||
|
|
|
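Review bot: The new line carrying the CIS Docker 1.11.0 benchmark link is still much longer than the wrap width used for the rest of the paragraph, and the `[dockerbench.com](https://dockerbench.com)` line also runs long; reference-style links (`[CIS Docker 1.11.0 benchmark][cis]` with the URL defined at the end of the file) would keep every line within the limit. While this paragraph is being edited, "sign off on your commits" could also name the mechanism, `git commit -s`, so contributors know a `Signed-off-by` trailer is what is expected.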
@ -3,16 +3,19 @@
|
||||||
## Requirements
|
## Requirements
|
||||||
|
|
||||||
### Dockerfile name
|
### Dockerfile name
|
||||||
|
|
||||||
The format should be `Dockerfile.{distribution name}`.
|
The format should be `Dockerfile.{distribution name}`.
|
||||||
|
|
||||||
### Keep your images up-to-date
|
### Keep your images up-to-date
|
||||||
|
|
||||||
Use the distribution package manager to keep your image up-to-date.
|
Use the distribution package manager to keep your image up-to-date.
|
||||||
|
|
||||||
### REPOSITORY
|
### Labels
|
||||||
Add a `REPOSITORY` comment with the URL to your GitHub repository where the Dockerfile is present.
|
|
||||||
`# REPOSITORY <GitHub repository>`
|
|
||||||
|
|
||||||
### MAINTAINER
|
Use the following labels in your Dockerfile:
|
||||||
Add the `MAINTAINER` instruction and your contact details, GitHub aliases are acceptable.
|
|
||||||
|
|
||||||
For an example Dockerfile, please refer to `Dockerfile.alpine`.
|
```
|
||||||
|
LABEL org.label-schema.name="docker-bench-security" \
|
||||||
|
org.label-schema.url="<YOUR GIT REPOSITORY HTTPS ADDRESS>" \
|
||||||
|
org.label-schema.vcs-url="<YOUR REPOSITORY HTTPS GIT ADDRESS"
|
||||||
|
```
|
||||||
|
|
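Review bot: The `org.label-schema.vcs-url` placeholder on the last added `LABEL` line is missing its closing `>` (`"<YOUR REPOSITORY HTTPS GIT ADDRESS"`), and it is worded differently from the `org.label-schema.url` placeholder above it (`<YOUR GIT REPOSITORY HTTPS ADDRESS>`); please close the bracket and use one wording for both. The hunk also drops the `MAINTAINER` requirement and the pointer to `Dockerfile.alpine` without a replacement, so contributed Dockerfiles no longer record a contact for whoever is responsible for the image; if that is intended, say so in the commit message, otherwise add a maintainer or vendor label to the required set and keep the reference to the example file. The new fence also has no language tag, which a markdown linter will typically flag.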