Container Security

Docker security, Kubernetes hardening, image scanning, and runtime protection.

Overview

Container security is the set of controls that protect containerized applications across their lifecycle: the image build (Dockerfile), the container host and daemon, cluster orchestration (Kubernetes policies), image scanning for known vulnerabilities, and runtime detection of malicious activity.

Docker Security

Secure Dockerfile

# Pin a minimal base image (the base image and app contents are placeholders)
FROM python:3.12-slim
WORKDIR /app
COPY . /app

# Create an unprivileged user and make the app directory non-writable
RUN groupadd -r appuser && useradd -r -g appuser appuser \
    && chown -R root:root /app && chmod -R 555 /app

# Don't store secrets in the image: no ENV API_KEY=... (it would persist in the
# image layers); inject credentials at run time with Docker or Kubernetes secrets

# Drop privileges for everything that runs from here on
USER appuser

# Note: chmod only protects /app; a truly read-only root filesystem is set at
# run time with `docker run --read-only` or readOnlyRootFilesystem in Kubernetes

Docker Bench Security

# Run the CIS Docker Benchmark checks (docker-bench-security) against the local host and daemon
docker run --rm -it \
  --net host --pid host --userns host --cap-add audit_control \
  -e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
  -v /var/lib:/var/lib:ro \
  -v /var/run/docker.sock:/var/run/docker.sock:ro \
  -v /etc:/etc:ro \
  docker/docker-bench-security

Kubernetes Security

Pod Security Policy

# PodSecurityPolicy was deprecated in Kubernetes 1.21 and removed in 1.25;
# on current clusters enforce the equivalent "restricted" profile with
# Pod Security Admission instead (namespace label
# pod-security.kubernetes.io/enforce: restricted)
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted
spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities:
    - ALL
  readOnlyRootFilesystem: true
  volumes:
    - 'configMap'
    - 'emptyDir'
    - 'projected'
    - 'secret'
    - 'downwardAPI'
    - 'persistentVolumeClaim'
  hostNetwork: false
  hostIPC: false
  hostPID: false
  # The four rule fields below are required by the PSP API; the object is
  # rejected on apply if they are missing
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535
  fsGroup:
    rule: MustRunAs
    ranges:
      - min: 1
        max: 65535

Network Policy

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress

Image Scanning

# Trivy: scan an image for known CVEs in OS packages and application dependencies
trivy image nginx:latest

# Clair: submit the local image to a running Clair server; --ip is the address
# on which Clair can reach this host to pull the image layers
clair-scanner --ip 127.0.0.1 nginx:latest

Runtime Protection

# Falco rule (the spawned_process and container macros come from Falco's
# default falco_rules.yaml, which must be loaded alongside this file)
- rule: Detect crypto miners
  desc: Detect cryptocurrency mining binaries being launched inside a container
  condition: >
    spawned_process and container and
    (proc.name in (xmrig, minerd, cpuminer))
  output: >
    Crypto miner detected (user=%user.name container=%container.name
    process=%proc.name cmdline=%proc.cmdline)
  priority: CRITICAL
  tags: [container, cryptomining]

Security Best Practices

  1. Minimal images: use distroless or alpine base images
  2. No root: run as a non-root user
  3. Read-only filesystem: prevent modifications at run time
  4. Resource limits: prevent DoS
  5. Secrets management: don't hardcode secrets
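To make the checklist above mechanical, the following Python script, added here and not part of the lesson, lints a Dockerfile for four of these failings: an unpinned base image, a credential-looking ENV/ARG value, a world-writable chmod that defeats a read-only filesystem, and a missing non-root USER. The variable-name heuristic and both sample Dockerfiles are constructed for this example.

```python
import re

# Variable names that suggest a credential (heuristic, constructed for this example)
SECRET_NAME = re.compile(r"KEY|SECRET|TOKEN|PASSW", re.I)

def _instructions(text):
    """Yield (INSTRUCTION, argument) pairs; joins backslash continuations, skips comments."""
    joined = re.sub(r"\\\s*\n", " ", text)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            head, _, rest = line.partition(" ")
            yield head.upper(), rest.strip()

def audit_dockerfile(text):
    """Return a list of findings (empty list = every check passed)."""
    findings, last_user = [], None
    for instr, arg in _instructions(text):
        if instr == "FROM":
            image = [t for t in arg.split() if not t.startswith("--")][0]
            ref = image.rsplit("/", 1)[-1]        # strip registry/namespace
            unpinned = ":" not in ref or ref.endswith(":latest")
            if image != "scratch" and "@sha256:" not in image and unpinned:
                findings.append(f"FROM {image}: pin the base image to a version tag or digest")
        elif instr == "USER":
            last_user = arg.split(":")[0]         # "user:group" -> user
        elif instr in ("ENV", "ARG"):
            for name, value in re.findall(r"([A-Za-z_]\w*)=(\S*)", arg):
                if SECRET_NAME.search(name) and value.strip("\"'"):
                    findings.append(f"{instr} {name}: secret baked into an image layer")
        elif instr == "RUN" and re.search(r"chmod\s+(-R\s+)?(777|[ao]\+w)", arg):
            findings.append("RUN chmod: world-writable paths defeat a read-only filesystem")
    if last_user in (None, "root", "0"):
        findings.append("no non-root USER: processes in the container run as root")
    return findings

# Constructed sample inputs (not from the lesson)
BAD_DOCKERFILE = """\
FROM nginx:latest
ENV API_KEY=sk-constructed-example-value
RUN chmod -R 777 /app
"""
GOOD_DOCKERFILE = """\
FROM python:3.12-slim
RUN groupadd -r appuser && useradd -r -g appuser appuser \\
    && chmod -R 555 /app
USER appuser
"""
```

Running `audit_dockerfile(BAD_DOCKERFILE)` reports all four problems, while the hardened sample returns an empty list; an empty `ENV API_KEY=""` is not flagged because only non-empty values are baked into a layer.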

Practice

Harden a Kubernetes cluster with security policies.
