Here’s a free, open-source tool to assess the security of your Docker deployment against the CIS Benchmark for Docker. You can download the “Docker-Bench-Security” tool onto a Linux Docker node with the following command:
git clone https://github.com/docker/docker-bench-security.git
First, make sure that you have the “git” tool installed; if not, install it first. For the Red Hat family, run the following command:
yum install git -y
Then run the tool. You first need to navigate to the directory where you cloned it on your OS.
You should see a result like this once you run the script.
It finishes the assessment quickly. You can review the report by opening the tool’s log file; by default it is “docker-bench-security.sh.log”, located in the tool directory.
# cat docker-bench-security.sh.log | more
The output of the report should look like the example below:
This report highlights the state of your Docker platform and categorizes the areas that need your attention. It’s free and very effective.
To download the CIS Benchmark for Docker security, click here.
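The log is long and mixes informational headings with scored checks, so it helps to tally the results and pull out the items that need attention. The following shell script is an added example written for this post; it is not part of the docker-bench-security project. It assumes the “[STATUS] id - description” line shape the tool prints (PASS, WARN, INFO, NOTE), and the sample log it parses is constructed here rather than captured from a real run. On a real node you would point it at the “docker-bench-security.sh.log” file written after running the script (the project’s README invokes it as `sudo sh docker-bench-security.sh`).

```shell
#!/bin/sh
# Added example (not from the original post or the docker-bench-security project).
# Tallies a docker-bench-security log by result status and lists the WARN
# findings for triage. Assumed log line shape: "[STATUS] id - description".

# Constructed sample log in the assumed format (not real assessment output).
SAMPLE_LOG="${TMPDIR:-/tmp}/docker-bench-sample.$$.log"
cat > "$SAMPLE_LOG" <<'EOF'
[INFO] 1 - Host Configuration
[WARN] 1.1 - Ensure a separate partition for containers has been created
[PASS] 1.5 - Ensure auditing is configured for the Docker daemon
[INFO] 2 - Docker daemon configuration
[PASS] 2.1 - Ensure network traffic is restricted between containers on the default bridge
[WARN] 2.6 - Ensure TLS authentication for Docker daemon is configured
[NOTE] 2.7 - Ensure the default ulimit is configured appropriately
EOF

# count_status LOG STATUS -> prints how many lines in LOG carry [STATUS].
# grep -c prints 0 (and exits 1) when nothing matches, so force a clean exit.
count_status() {
  grep -c "^\[$2\]" "$1" || true
}

# list_findings LOG STATUS -> prints "id: description" for each [STATUS] line.
list_findings() {
  sed -n "s/^\[$2\] \([0-9.]*\) - \(.*\)$/\1: \2/p" "$1"
}

# score LOG -> prints "passed/scored", where scored = PASS + WARN checks.
# INFO and NOTE lines are headings or advisories and are not scored.
score() {
  pass=$(count_status "$1" PASS)
  warn=$(count_status "$1" WARN)
  echo "$pass/$((pass + warn))"
}

# Report for the sample log (replace SAMPLE_LOG with docker-bench-security.sh.log on a real node).
echo "PASS: $(count_status "$SAMPLE_LOG" PASS)  WARN: $(count_status "$SAMPLE_LOG" WARN)  score: $(score "$SAMPLE_LOG")"
echo "Findings needing attention:"
list_findings "$SAMPLE_LOG" WARN
```

Each WARN line maps to a numbered CIS recommendation, so the id printed beside it is what you look up in the benchmark document to find the remediation.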
Recommended training courses for Docker security:
- “Securing The Docker Platform” by Nigel Brown at Pluralsight.
- “Securing The Docker Container Workload” by Nigel Brown at Pluralsight.