This page provides information about best practices for building and running container images.
The approach that you take to creating your containers can impact the speed of builds and deployments, as well as the effort required to maintain your images.
Learn best practices for building containers that are easier build and run.
You can also read the Docker best practices for building images.
Learn best practices for operating containers. These practices include recommendations for security, monitoring, and logging that make applications easier to run in Google Kubernetes Engine and in containers in general.
Securing the software supply chain
Learn about keeping your software secure throughout the software lifecycle.
Assessing container security
The Center for Internet Security (CIS) has a Docker Benchmark for evaluating the security of a Docker container.
Docker provides an open source script called Docker Bench for Security. You can use the script to validate a running Docker container against the CIS Docker Benchmark.
Docker Bench For Security can help you verify many items in the CIS Docker Benchmark, but not all items are verifiable with the script. For example, the script cannot verify if the host for the container is hardened or if the container image includes personal data. Review all items in the benchmark and identify those that might need additional verification.
Learn about building a secure software supply chain on Google Kubernetes Engine and how to use vulnerability scanning and Binary Authorization on Google Cloud to define and enforce policies for deployment.
You can also watch a video that describes securing your software supply chain.