Docker and container security are broad problem spaces, and there is plenty of low-hanging fruit to harvest when mitigating risk. A good starting point is to follow some best practices when writing Dockerfiles. I’ve compiled a list of common Docker security issues and how to avoid them. For every issue I’ve also written an Open Policy Agent (OPA) rule, ready to be used to statically analyze your Dockerfiles with conftest. You can’t shift more left than this! You can find the .rego rule set...