Dockerfile Best Practices

Dockerfile best practices are sets of guidelines that help in creating secure Docker images that can protect itself from attacks and vulnerabilities. Nirmata provides a collection of Kyverno policies that are aimed at implementing Dockerfile best practices. Refer to the official Docker documentation to learn about the practices in detail.

Click on the below profiles to dig deeper into the controls and their associated Kyverno policy. Nirmata also provides a reference to what a good resource looks like that conforms to these best practices.

Dockerfile Best Practices

Check Unauthentication

Check Certificate Validation Curl

Check Certificate Validation Nodejs-env-var

Check Certificate Validation pip3

Check Certificate Validation Python-env-var

Check Certificate Validation Wget

Check Last User

Check Missing Signature Options

Check Nogpgcheck

Check NPM Config Strict SSL

Check Untrust Flag

Detect Multiple Instructions

Disallow Sudo Operations

Prefer Copy Over Add

Validate Base Image Tag

Validate Expose Port 22

Validate Healthcheck Instruction

Validate User Instruction