Assignment Proposal
Title
Dockerfile Compliance Scanning with Docker Bench and Trivy
Names and KTH ID
Peiyang Zheng ([email protected])
Tianning Liang ([email protected])
Deadline
Week 5
Category
Demo
Description
In this demo, we will focus on how Dockerfile compliance scanning can be integrated into an Infrastructure as Code (IaC) workflow to ensure the security and stability of containerized applications. We will use tools such as Docker Bench and Trivy to automatically scan Dockerfiles and Docker images for security vulnerabilities and best practice violations.
The demo will walk through the process of writing a non-compliant Dockerfile, running compliance scans, and fixing the detected issues. We will show how these tools can be integrated into a CI/CD pipeline to ensure that Docker containers, as part of an IaC workflow, are compliant with security and operational standards. By automating the scanning process, we reduce the risk of deploying vulnerable containers in production environments, which is critical for maintaining infrastructure security.
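As an added illustration of the workflow just described (not part of the proposal or the demo's own code), the script below writes a constructed non-compliant Dockerfile next to its fixed version and applies four of the checks Trivy raises on Dockerfiles with the same exit-status contract a CI job gates on; in the real pipeline `trivy config --exit-code 1 <dir>` plays this role. The sample Dockerfiles, file names and the check wording are assumptions, and the Trivy check IDs in the messages are quoted from memory of its Dockerfile policies.

```shell
#!/bin/sh
# Stand-in for `trivy config` on a Dockerfile: one finding per line,
# non-zero exit if anything was found, so a pipeline step can fail on it.
# Constructed example; the DS* IDs name Trivy's corresponding checks.

# Writes the constructed non-compliant ($1) and fixed ($2) Dockerfiles.
write_samples() {
  cat > "$1" <<'EOF'
FROM python:latest
ADD app.tar.gz /app
RUN pip install -r /app/requirements.txt
CMD ["python", "/app/main.py"]
EOF
  cat > "$2" <<'EOF'
FROM python:3.12-slim
COPY app/ /app
RUN pip install --no-cache-dir -r /app/requirements.txt \
 && useradd --system --no-create-home appuser
USER appuser
HEALTHCHECK CMD python /app/healthcheck.py
CMD ["python", "/app/main.py"]
EOF
}

# Prints findings for Dockerfile $1; exit status 0 only when it is clean.
check_dockerfile() {
  f="$1"; n=0
  if ! grep -Eq '^FROM +[^ ]+:[^ ]+' "$f" || grep -Eq '^FROM +[^ ]+:latest( |$)' "$f"; then
    echo "$f: base image untagged or ':latest' (cf. Trivy DS001)"; n=$((n+1)); fi
  if ! grep -Eq '^USER +' "$f" || grep -Eq '^USER +root( |$)' "$f"; then
    echo "$f: container runs as root, no non-root USER (cf. Trivy DS002)"; n=$((n+1)); fi
  if grep -Eq '^ADD +' "$f"; then
    echo "$f: ADD used instead of COPY (cf. Trivy DS005)"; n=$((n+1)); fi
  if ! grep -Eq '^HEALTHCHECK +' "$f"; then
    echo "$f: no HEALTHCHECK defined (cf. Trivy DS026)"; n=$((n+1)); fi
  [ "$n" -eq 0 ]
}

# Number of findings for Dockerfile $1.
count_findings() { check_dockerfile "$1" | wc -l | tr -d ' '; }

dir=$(mktemp -d)
write_samples "$dir/bad.Dockerfile" "$dir/good.Dockerfile"
for f in "$dir/bad.Dockerfile" "$dir/good.Dockerfile"; do
  if check_dockerfile "$f"; then echo "$f: compliant"; else echo "$f: FAILED scan"; fi
done
```

Running it prints four findings for the non-compliant file and "compliant" for the fixed one; the same pass/fail split is what the CI integration in the demo turns into a blocked or allowed build.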
Relevance
Docker containers are a key component in modern Infrastructure as Code practices, as they are widely used to package applications and services. Ensuring the compliance and security of Docker containers is an essential step in managing infrastructure at scale. This demo is relevant because it shows how compliance scanning tools can enforce security standards in containerized environments. By integrating these scans into an IaC pipeline, we can automate compliance checks and improve the reliability and security of infrastructure deployments.