Docker

Sign

Generating Keys

# Generating Keys
docker trust key generate my-key

Signing

Sign and push

export DOCKER_CONTENT_TRUST=1
docker push registry.example.com/my-image:latest

Verifying

Verifying Trusted Images

export DOCKER_CONTENT_TRUST=1
docker pull registry.example.com/my-image:latest

Scan

Vulnerability scanning for Docker local images

docker scan --dependency-tree debian:buster
# Excluding the base image
docker scan --file Dockerfile --exclude-base docker-scan:e2e
# Checking the dependency tree
docker scan --dependency-tree debian:buster
# Provider authentication
docker scan --login --token SNYK_AUTH_TOKEN

Ref

How to Sign Your Docker Images to Increase Trust
How to Secure Containers with Cosign and Distroless Images
Docker Content Trust Gets Hardware Signing

Previousdnsmasq NextSkaffold

Last updated 2 years ago