In this liveProject, you’ve just started a new role as a release engineer for the enterprise finance company FinShare. FinShare wants to modernize its outdated technology stack with containerization and you’ve been tasked with building an automated container workflow for future production use. But there’s a big catch: FinShare operates under some major regulatory requirements and any breaches in security could be disastrous for the company’s reputation and bottom line. Your challenge is to make sure that FinShare’s Docker containers are built to be secure, robust, and compliant. To do this, you’ll implement your security team’s requirements, identify and fix governance issues, create signed and trusted container images, and optimize your container builds—all based on the specialist guidance of your expert colleagues.
This project is designed for learning purposes and is not a complete, production-ready application or solution.
prerequisites
This liveProject is for developers, SREs, or operational team members with experience creating Docker containers using a Dockerfile. You will need a free DockerHub and GitHub account. To begin this liveProject, you will need to be familiar with:
TOOLS
- Fundamentals of Git and GitHub
- Basics of make scripts
- Basics of DockerHub
- Intermediate Docker CLI knowledge
- Intermediate Dockerfile command awareness
- Intermediate Markdown/YAML file creation and manipulation
TECHNIQUES
- Basic Docker local filesystem mounting knowledge
- Basic Docker run parameter passing techniques
- Basic DockerHub push and pull capabilities
- Basic Git push and pull capabilities
- Basic make target creation
- Experience creating Dockerfiles that build Docker Images
- Experience running Docker containers requiring
you will learn
In this liveProject, you’ll learn fundamental development practices for building security into your Docker containers. These skills will ensure your containers are robust and compliant with best practices, and will give you a deeper understanding of software security principles in general.
- Principle of Least Privilege and other security principles
- Static analysis, dependency checking and resource signing
- Custom-designed security and governance policies in automated build pipelines
- Optimization techniques such as multi-stage builds and scratch images
- Inspecting and extracting container dependencies
- Creating signed containers