update CONTRIBUTING.md

Signed-off-by: Thomas Sjögren <konstruktoid@users.noreply.github.com>
Thomas Sjögren 2017-07-07 11:46:49 +02:00
parent 789af6d8d6
commit cabb5d8dbc

@ -20,34 +20,34 @@ compliant shell. We try to keep the project compliant for maximum portability.
You can build the container that wraps the docker-bench for security: You can build the container that wraps the docker-bench for security:
```sh ```sh
git clone git@github.com:docker/docker-bench-security.git $ git clone git@github.com:docker/docker-bench-security.git
cd docker-bench-security $ cd docker-bench-security
docker build -t docker-bench-security . $ docker build -t docker-bench-security .
``` ```
Or you can simply run the shell script locally: Or you can simply run the shell script locally:
```sh ```sh
git clone git@github.com:docker/docker-bench-security.git $ git clone git@github.com:docker/docker-bench-security.git
cd docker-bench-security $ cd docker-bench-security
sh docker-bench-security.sh $ sh docker-bench-security.sh
``` ```
The Docker Bench has the main script called `docker-bench-security.sh`. The Docker Bench has the main script called `docker-bench-security.sh`.
This is the main script that checks for all the dependencies, deals with This is the main script that checks for all the dependencies, deals with
command line arguments and loads all the tests. command line arguments and loads all the tests.
The tests are split in 6 different files: The tests are split into the following files:
```sh ```sh
✗ tree tests/
tests/ tests/
├── 1_host_configuration.sh ├── 1_host_configuration.sh
├── 2_docker_daemon_configuration.sh ├── 2_docker_daemon_configuration.sh
├── 3_docker_daemon_configuration_files.sh ├── 3_docker_daemon_configuration_files.sh
├── 4_container_images.sh ├── 4_container_images.sh
├── 5_container_runtime.sh ├── 5_container_runtime.sh
└── 6_docker_security_operations.sh ├── 6_docker_security_operations.sh
└── 7_docker_swarm_configuration.sh
``` ```
To modify the Docker Bench for Security you should first clone the repository, To modify the Docker Bench for Security you should first clone the repository,
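Review bot: the `$ ` prompt added in front of every command in the two `sh` blocks (`$ git clone ...`, `$ cd docker-bench-security`, `$ sh docker-bench-security.sh`) means the lines no longer run when pasted into a shell as they stand; I would keep the commands without the prompt. In the same hunk the `tree tests/` line is dropped but the block is still fenced as `sh`, so it is now a bare file listing tagged as shell: either keep the command that produces the listing or drop the language tag from that fence. Replacing "split in 6 different files" with "split into the following files" is a good change, since the count no longer has to be kept in step with the listing.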
@ -55,7 +55,8 @@ make your changes, check your code with `shellcheck`, `checkbashisms` or similar
tools, and then sign off on your commits. After that feel free to send us a tools, and then sign off on your commits. After that feel free to send us a
pull request with the changes. pull request with the changes.
While this tool was inspired by the [CIS Docker 1.11.0 benchmark](https://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=docker16.110), While this tool was inspired by the [CIS Docker 1.11.0 benchmark](https://benchmarks.cisecurity.org/downloads/show-single/index.cfm?file=docker16.110)
feel free to add new tests. We will try to turn [dockerbench.com](https://dockerbench.com) and its successors, feel free to add new tests. We will try to turn
into a list of good community benchmarks for both security and performance, [dockerbench.com](https://dockerbench.com) into a list of good community
and we would love community contributions. benchmarks for both security and performance, and we would love community
contributions.
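Review bot: in the reworded sentence "... and its successors, feel free to add new tests", the link text and URL still name only the CIS Docker 1.11.0 benchmark, so a contributor cannot tell from this paragraph which benchmark version a new or changed test should be numbered against. Suggest naming the version the tests currently follow, or pointing to where that is recorded, next to "and its successors".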