Lastly, the security of our Docker image is important. Conveniently, the Docker team has provided a tool called Docker Bench for Security (github.com/docker/docker-bench-security) that will analyze your running containers against a large list of common best practices.
The tool is available as a container itself, and can be run using the following command:
$ docker run -it --net host --pid host --userns host --cap-add audit_control \
>   -e DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
>   -v /var/lib:/var/lib \
>   -v /var/run/docker.sock:/var/run/docker.sock \
>   -v /usr/lib/systemd:/usr/lib/systemd \
>   -v /etc:/etc --label docker_bench_security \
>   docker/docker-bench-security
Unable to find image 'docker/docker-bench-security:latest' locally
...
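Once the tool has run, the useful follow-up is to turn its report into a pass/fail decision, for example as a CI gate on the number of [WARN] findings. The script below is an added example, not part of the book or of Docker Bench itself; it assumes the tool's usual line shape of `[LEVEL] <check id> - <description>` and works on a constructed sample report rather than a live run.

```shell
#!/bin/sh
# Write a constructed sample of Docker Bench for Security output to FILE.
# The format ("[LEVEL] id - text") is assumed from the tool's usual report lines.
write_sample() {
  cat > "$1" <<'EOF'
[INFO] 1 - Host Configuration
[WARN] 1.1.1 - Ensure a separate partition for containers has been created
[PASS] 1.1.3 - Ensure auditing is configured for the Docker daemon
[INFO] 2 - Docker daemon configuration
[WARN] 2.1 - Run the Docker daemon as a non-root user, if possible
[PASS] 2.2 - Ensure network traffic is restricted between containers on the default bridge
[INFO] Checks: 5
[INFO] Score: 0
EOF
}

# count_level FILE LEVEL -> number of individual checks reported at LEVEL.
# Only lines whose second field is a dotted check id (e.g. 2.1, 1.1.1) count;
# section headers ("1 - Host Configuration") and summary lines are skipped.
count_level() {
  awk -v lvl="[$2]" '$1 == lvl && $2 ~ /^[0-9]+(\.[0-9]+)+$/ { n++ } END { print n+0 }' "$1"
}

# warn_ids FILE -> space-separated ids of the WARN checks, in report order.
warn_ids() {
  awk '$1 == "[WARN]" && $2 ~ /^[0-9]+(\.[0-9]+)+$/ { ids = ids (ids ? " " : "") $2 }
       END { print ids }' "$1"
}

# gate FILE MAX_WARN -> returns 0 when the WARN count is within MAX_WARN, 1 otherwise,
# listing the offending check ids so the CI log says which benchmark items to fix.
gate() {
  w=$(count_level "$1" WARN)
  if [ "$w" -gt "$2" ]; then
    echo "FAIL: $w WARN findings (limit $2): $(warn_ids "$1")" >&2
    return 1
  fi
  echo "OK: $w WARN findings (limit $2)"
}

# Live usage (not run here): capture the report from the command above, then gate it.
#   docker run ... docker/docker-bench-security | tee bench-report.txt
#   gate bench-report.txt 0
```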