This article provides tips and best practices for creating secure Dockerfiles that are highly maintainable. Like code, Dockerfiles change over time and should therefore be written in a way that makes them easy to update in the future. It is also important that the images they create are secure and do not contain unnecessary vulnerabilities that increase the attack surface of your application. The image produced should be as small as possible, because images must be stored remotely and transported over the network. Finally, the Dockerfile, like any well-written code, should be easy to understand and use.

10 Tips and best practices for Dockerfiles

The following list describes tips and best practices for creating secure Dockerfiles that are highly maintainable.

Use the current release base upstream image

Always use the most current release of the base upstream image to provide security. Use the latest release of a base image; this release should contain the latest security patches available at the time the base image is built. When a new release of the base image is available, rebuild the application image to incorporate it, because that release contains the latest fixes. Scan a base or application image to confirm that it doesn't contain any known security vulnerabilities.

Use a specific tag or version for your image, not "latest". When troubleshooting the running container, the exact image will then be obvious.

For security purposes, always ensure that your images run as non-root by defining USER in your Dockerfile. Additionally, set the permissions for the files and directories to that user.
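The three practices above (a pinned base image tag, a non-root USER, and files owned by that user) can be checked mechanically before an image is built. The following added example is not from the article; it is a small Dockerfile audit script with two constructed sample Dockerfiles, and the registry name and image tags in them are placeholders.

```python
import re

# Constructed sample Dockerfiles (not from the article); the registry name is a placeholder.
WEAK_DOCKERFILE = """\
FROM registry.example.com/ubi8/python-39:latest
COPY app/ /opt/app/
CMD ["python", "/opt/app/main.py"]
"""
HARDENED_DOCKERFILE = """\
FROM registry.example.com/ubi8/python-39:1-123
RUN useradd --system --uid 1001 --create-home appuser
COPY --chown=1001:0 app/ /opt/app/
USER 1001
CMD ["python", "/opt/app/main.py"]
"""

def parse_instructions(text):
    """Yield (INSTRUCTION, arguments) pairs; joins backslash continuations and skips comments."""
    for line in re.sub(r"\\\r?\n", " ", text).splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            yield parts[0].upper(), (parts[1] if len(parts) > 1 else "")

def audit_dockerfile(text):
    """Return findings for: unpinned base image, missing/root USER, files not owned by the USER."""
    instrs = list(parse_instructions(text))
    findings = []
    for instr, args in instrs:
        if instr != "FROM" or not args or args.split()[0].lower() == "scratch":
            continue
        image = args.split()[0]                    # drop any "AS stage" suffix
        last = image.rsplit("/", 1)[-1]            # ignore a registry host:port before the last slash
        if "@sha256:" in last:
            continue                               # digest-pinned: strongest form of pinning
        tag = last.split(":", 1)[1] if ":" in last else None
        if tag is None or tag == "latest":
            findings.append(f"FROM {image}: base image not pinned to a specific tag or digest")
    users = [args.strip() for instr, args in instrs if instr == "USER"]
    if not users:
        findings.append("no USER instruction: container runs as root")
    elif users[-1].split(":")[0] in ("root", "0"):
        findings.append(f"final USER is {users[-1]}: container runs as root")
    if any("--chown=" not in args for instr, args in instrs if instr in ("COPY", "ADD")):
        findings.append("COPY/ADD without --chown: files stay owned by root, not the runtime user")
    return findings
```

Run it against a real Dockerfile with `audit_dockerfile(open("Dockerfile").read())`; an empty list means all three checks passed.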