2 KiB
Contributing to Docker Bench for Security
Want to hack on Docker Bench? Awesome! Here are instructions to get you started.
The Docker Bench for Security is a part of the Docker project, and follows the same rules and principles. If you're already familiar with the way Docker does things, you'll feel right at home.
Otherwise, go read Docker's contributions guidelines.
Development Environment Setup
The only thing you need to hack on Docker Bench for Security is a POSIX 2004 compliant shell. We try to keep the project compliant for maximum portability
Start hacking
You can build the container that wraps the docker-bench for security:
✗ git clone git@github.com:docker/docker-bench-security.git
✗ cd docker-bench-security
✗ docker build -t docker-bench-security .
Or you can simply run the shell script locally:
✗ git clone git@github.com:docker/docker-bench-security.git
✗ cd docker-bench-security
✗ sh docker-bench-security.sh
The Docker Bench has the main script called docker-bench-security.sh. This is the main script that checks for all the dependencies, deals with command line arguments and loads all the tests.
The tests are split in 6 different files:
✗ tree tests/
tests/
├── 1_host_configuration.sh
├── 2_docker_daemon_configuration.sh
├── 3_docker_daemon_configuration_files.sh
├── 4_container_images.sh
├── 5_container_runtime.sh
└── 6_docker_security_operations.sh
To modify the Docker Bench for Security you should first clone the repository, make your changes, check your code with shellcheck, checkbashisms or similar tools, and then sign off on your commits. After that feel free to send us a pull-request with the changes.
While this tool is inspired in the CIS Docker 1.6 Benchmark, feel free to add new tests. We will try to turn dockerbench.com into a list of good community benchmarks for both security and performance, and we would love community contributions.