Docker Bench Security

This project is a security compliance tool and configuration auditor designed to evaluate Docker deployments against industry security benchmarks. It functions as a script-based scanner that identifies misconfigurations and vulnerabilities within both the host operating system and container settings.

The tool specifically implements the Center for Internet Security standards for Docker to verify host and container configurations. It enables a hardening workflow by comparing system states against these standards to identify security gaps and document compliance status.

The audit engine supports modular test filtering to target specific security domains and generates reports in both plain text and JSON formats. These exports allow audit results to be used for human review or integrated into external security monitoring systems.

Features

Security Configuration Auditing - Automates the inspection of Docker host and container configurations to identify security gaps and misconfigurations.

Security Audit Scripts - Provides a specialized script for auditing Docker deployments against industry security benchmarks.

Compliance Verification Tools - Automates the assessment and reporting of Docker deployments against international security and compliance standards.

Container Security - Evaluates container environments and host configurations against benchmarks to ensure adherence to security best practices.

Container Security Scanners - Scans Docker host settings and container deployments to identify critical security misconfigurations and vulnerabilities.

CIS Benchmark Implementations - Implements specific Center for Internet Security (CIS) benchmarks to evaluate Docker host and container configurations.

Container Security Hardening - Provides a workflow to identify vulnerabilities and apply security best practices to harden Docker container settings.

Security Benchmark Validations - Provides automated verification of system configurations against validated security reference profiles like the CIS benchmarks.

Security Audit Engines - Implements a shell-scripted engine to execute a sequence of configuration checks against a security baseline.

Customizable Security Checks - Allows for the selection and customization of specific security checks to target particular deployment domains.

Compliance & Audit Tools - Generates detailed audit reports in multiple formats to document compliance with security standards.

Container-Host Configuration Auditing - Analyzes differences between the host operating system and container runtime to identify potential security gaps.

Test Execution Filtering - Allows users to select specific subsets of security checks for execution via command line arguments.

Container Management - Audits Docker deployments against security best practices.

Container Security - Benchmarking Docker configurations against CIS standards.

Infrastructure as Code Analysis - Checks container deployments against security best practices.

Cloud and Container Security - Checks container deployments against industry-standard security benchmarks.

Container Security Tools - Automated script to check for production deployment best practices.

Security And Hardening - Checks for production security best practices.

dockerdocker-bench-security

Features

Star history