Kubernetes Security Checklist 2021
28 projects | dev.to | 18 Oct 2021
Dockerfile should be checked during development by automated scanners (Kics, Hadolint, Conftest)
3 projects | reddit.com/r/u_sybrenbolandit | 31 Aug 2021
Linters are an effective way to catch (security) bugs early on in your development process. For most programming languages using linters is pretty standard. Hadolint is a linter for your Dockerfiles and is found on github here.
Best Practices for R with Docker
8 projects | dev.to | 31 May 2021
Best practices for writing Dockerfiles are being followed more and more often according to this paper after mining more than 10 million Dockerfiles on Docker Hub and GitHub. However, there is still room for improvement. This is where linters come in as useful tools for static code analysis. Hadolint lists lots of rules for Dockerfiles and is available as a VS Code extension.
21 Best Practises in 2021 for Dockerfile
2 projects | dev.to | 29 May 2021
Dockerizing Shiny Applications
3 projects | dev.to | 10 May 2021
Switching to the root USER opens up certain security risks if an attacker gets access to the container. In order to mitigate this, switch back to a non-privileged user after running the commands you need as root. – Hadolint rule DL3002
What do you use for container security, and where do you think there is room for improvement?
1 project | reddit.com/r/devops | 2 Apr 2021
Hadolint for more SAST-like checks: https://github.com/hadolint/hadolint
ShellCheck: A static analysis tool for shell scripts
12 projects | news.ycombinator.com | 18 Mar 2021
Hadolint is another. It's built atop shellcheck.
Docker Security Cheat Sheet
3 projects | news.ycombinator.com | 13 Mar 2021
I use Hadolint as a CI job to check if my Dockerfiles follow the good "rules". But the one rule that annoys me the most, and which is also present in this article, is the pinned OS package version rule. While I understand its interest, I struggle to handle this problem.
When I build new images and the build fails because the pinned version is not available anymore, I have to dig into the Debian or Ubuntu package websites to find the new ones, as they don't keep the old packages online.
I know I could ask Hadolint to ignore this rule, but I don't like this, and I think it's important to stick to a certain version of a package to avoid problems. I'm just trying to find any tip that could let me use pinned versions and avoid this search every time. Does apt-get install allow wildcards, for example?
Dockerfile Best Practices
7 projects | news.ycombinator.com | 2 Jan 2021
Another useful resource is hadolint (https://github.com/hadolint/hadolint), which not only gives additional recommendations, but also a way to enforce this.
Run More Stuff in Docker
11 projects | news.ycombinator.com | 26 Dec 2020
RUN curl -sSL "https://github.com/hadolint/hadolint/releases/download/$HADO..." -o /usr/bin/hadolint
Monitoring app releases and updates.
3 projects | reddit.com/r/selfhosted | 20 Oct 2021
Docker networks and container separation.
1 project | reddit.com/r/docker | 20 Oct 2021
Watchtower is excellent, and if you don’t want things automatically handled then Diun is a great alternative.
Regarding management of docker containers
2 projects | reddit.com/r/selfhosted | 10 Oct 2021
Diun for container update notifications: https://crazymax.dev/diun/
2 projects | reddit.com/r/selfhosted | 10 Oct 2021
I recently found Diun, which solves the problem. This is at the top of my to-do list.
How do you handle breaking changes while using Watchtower?
2 projects | reddit.com/r/docker | 11 Sep 2021
Otherwise I would set up notifications so a human can confirm and test the changes: https://github.com/crazy-max/diun
Monitoring image updates when not using :latest
2 projects | reddit.com/r/docker | 4 Aug 2021
And for all others, to only receive notifications, DIUN runs after Pullio: https://github.com/crazy-max/diun
Managing updates to docker containers / Oversee outdated images
2 projects | reddit.com/r/selfhosted | 28 Jul 2021
Docker Image Update Notifier
Sabnzbd/Sonarr on dsm7 without docker
1 project | reddit.com/r/synology | 16 Jul 2021
I have DIUN running to notify me when a container is updated.
First steps with self-hosting
11 projects | dev.to | 4 Jul 2021
Keeping Up with Docker Official Images
5 projects | news.ycombinator.com | 8 Jun 2021
I keep track of upstream image changes using https://github.com/crazy-max/diun
... but I also separately ensure all software installed in a docker image is pinned to a version, and have a process I run daily to check whether the upstream package versions have changed, in which case I rebuild the images, which then get the updated (possibly security) version.
It's fiddly, and a lot of bash and perl. I'd welcome a similarly trust-able tooling from a reputable source.
What are some alternatives?
watchtower - A process for automating Docker container base image updates.
docker-socket-proxy - Proxy over your Docker socket to restrict which requests it accepts
trivy - Scanner for vulnerabilities in container images, file systems, and Git repositories, as well as for configuration issues
shepherd - Docker swarm service for automatically updating your services whenever their image is refreshed
Sandboxie - Sandboxie - Open Source
Cryptomator - Multi-platform transparent client-side encryption of your files in the cloud
podman - Podman: A tool for managing OCI containers and pods.
ormolu - A formatter for Haskell source code
distroless - 🥑 Language focused docker images, minus the operating system.
dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
leksah - Haskell IDE
authelia - The Single Sign-On Multi-Factor portal for web apps