Securing Docker Containers

prerequisites
Experience creating Docker files with Dockerfile, Fundamentals of Git and GitHub, Basics of make scripts, Basics of DockerHub
skills learned
Security principles for containers; Static analysis, dependency checking, and resource signing; Custom security policies
Peter Sellars
4 weeks · 6-8 hours per week · BEGINNER
Look inside
In this liveProject, you’ve just started a new role as a release engineer for the enterprise finance company FinShare. FinShare wants to modernize its outdated technology stack with containerization, and you’ve been tasked with building an automated container workflow for future production use. But there’s a big catch: FinShare operates under some major regulatory requirements, and any breaches in security could be disastrous for the company’s reputation and bottom line. Your challenge is to make sure that FinShare’s Docker containers are built to be secure, robust, and compliant. To do this, you’ll implement your security team’s requirements, identify and fix governance issues, create signed and trusted container images, and optimize your container builds—all based on the specialist guidance of your expert colleagues.
This project is designed for learning purposes and is not a complete, production-ready application or solution.

book resources

When you start your liveProject, you get full access to the following books for 90 days.

project author

Peter Sellars
Pete is a platform engineer at HyprNZ and founder of Catosplace. He has many years of experience in building and operating containers. He has worked closely with security, governance and development teams to build secure, robust and verifiable containers across many business domains. Pete has spoken at DevOpsDays NZ and Container Camp, and he founded the Auckland Docker and Continuous Delivery Meetup. He has run Docker Birthday Hack Days and workshops in Auckland, New Zealand in his role as a Docker Community Leader.

Prerequisites

This liveProject is for developers, SRE, or operational team members with experience creating Docker containers using Dockerfile. You will need a free DockerHub and GitHub account. To begin this liveProject, you will need to be familiar with:

TOOLS
  • Fundamentals of Git and GitHub
  • Basics of make scripts
  • Basics of DockerHub
  • Intermediate Docker CLI knowledge
  • Intermediate Dockerfile command awareness
  • Intermediate Markdown/YAML file creation and manipulation
TECHNIQUES
  • Basic Docker local filesystem mounting knowledge
  • Basic Docker run parameter passing techniques
  • Basic DockerHub push and pull capabilities
  • Basic Git push and pull capabilities
  • Basic make target creation
  • Experience creating Dockerfiles that build Docker Images
  • Experience running Docker containers requiring

you will learn

In this liveProject, you’ll learn fundamental development practices for building security into your Docker containers. These skills will ensure your containers are robust and compliant to best practices, and will give you a deeper understanding of software security principles in general.

  • Principle of Least Privilege and other security principles
  • Static analysis, dependency checking and resource signing
  • Custom-designed security and governance policies in automated builds pipelines
  • Optimization techniques such as multi-stage builds and scratch images
  • Inspect and extract container dependencies
  • Creating signed containers

features

Self-paced
You choose the schedule and decide how much time to invest as you build your project.
Project roadmap
Each project is divided into several achievable steps.
Get Help
While within the liveProject platform, get help from other participants and our expert mentors.
Compare with others
For each step, compare your deliverable to the solutions by the author and other participants.
book resources
Get full access to select books for 90 days. Permanent access to excerpts from Manning products are also included, as well as references to other resources.

project outline

Introduction

Prerequisites Test

New module

Start Project

1. Applying Good Development Practices to Our Container Build

1.1. Applying Good Development Practices to Our Container Build

Persistent Storage and Shared State with Volumes

Working with Storage and Volumes

1.2. Submit Your Work

2. Security Policies for Our Container Build

2.1. Establishing and Implementing Security Policies for Our Container Build

2.2. Introduce Container Security Scanning Security into Our Container Build Pro

User Permissions

Service Health and Rollback

Orchestrating the Build with make

Security and Control

Conquering Container Security with Docker

2.3. Submit Your Work

3. Incorporating Governance Requirements into Our Container Build

3.1. Incorporating Governance Requirements into Our Container Build

Inspecting Containers

3.2. Submit Your Work

4. Ensuring Operational Trust by Creating Signed and Trusted Content

4.1. Ensuring Operational Trust by Creating Signed and Trusted Content

Conquering Container Security with Docker

Signing Containers with Docker Content Trust

4.2. Submit Your Work

5. Making Container Process & Build Optimizations

5.1. Making Container Process & Build Optimizations

Using PID 1 and init Systems

Variations of Runtime Image via Multi-stage Builds

5.2. Submit Your Work

Summary

Project Conclusions

Frequently Asked Questions (FAQs)

Look inside

placing your order...

Don't refresh or navigate away from the page.
liveProject $35.00 $49.99 self-paced learning
Securing Docker Containers (liveProject) added to cart
continue shopping
go to cart
Prices displayed in rupees will be charged in USD when you check out.