Cybersecurity-Projects/PROJECTS/intermediate/docker-security-audit/README.md

3.6 KiB

██████╗  ██████╗  ██████╗██╗  ██╗███████╗███████╗ ██████╗
██╔══██╗██╔═══██╗██╔════╝██║ ██╔╝██╔════╝██╔════╝██╔════╝
██║  ██║██║   ██║██║     █████╔╝ ███████╗█████╗  ██║
██║  ██║██║   ██║██║     ██╔═██╗ ╚════██║██╔══╝  ██║
██████╔╝╚██████╔╝╚██████╗██║  ██╗███████║███████╗╚██████╗
╚═════╝  ╚═════╝  ╚═════╝╚═╝  ╚═╝╚══════╝╚══════╝ ╚═════╝

Cybersecurity Projects Go License: AGPLv3 Go Report Card Docker

Docker security audit CLI that checks containers, images, and Dockerfiles against CIS Docker Benchmark v1.6.0.

This is a quick overview — security theory, architecture, and full walkthroughs are in the learn modules.

What It Does

  • Scans running containers, images, Dockerfiles, and compose files for misconfigurations
  • Checks against CIS Docker Benchmark v1.6.0 with severity scoring
  • Detects privileged containers, dangerous capabilities, socket mounts, and namespace sharing
  • Outputs terminal (colored), JSON, SARIF (GitHub Security tab), and JUnit formats
  • Supports severity filtering and fail-on-critical for CI/CD pipelines
  • Validates AppArmor/seccomp profiles, resource limits, and user namespace remapping

Quick Start

go install github.com/CarterPerez-dev/docksec/cmd/docksec@latest
docksec scan

[!TIP] This project uses just as a command runner. Type just to see all available commands.

Install: curl -sSf https://just.systems/install.sh | bash -s -- --to ~/.local/bin

Commands

docksec scan                                    # scan all targets with colored output
docksec scan --format sarif -o results.sarif    # export SARIF for GitHub Security tab
docksec scan --severity critical,high           # filter by severity
docksec scan --fail-on critical                 # exit non-zero for CI pipelines

Learn

This project includes step-by-step learning materials covering security theory, architecture, and implementation.

Module Topic
00 - Overview Prerequisites and quick start
01 - Concepts Security theory and real-world breaches
02 - Architecture System design and data flow
03 - Implementation Code walkthrough
04 - Challenges Extension ideas and exercises

License

AGPL 3.0