Container Security


Gregg, James R
 
Edited

Per my conversation with David @ the Edinburgh F2F, here’s a tool we have begun to look at as part of our CI/CD pipeline. There’s a recent PR that now adresses the gap around filtering the scan to a specific container. We also only focus on the relevants checks related to the Docker container but can also look at the underlying host for black box testing. 
https://github.com/docker/docker-bench-security

Thank You, 
James Gregg 
Intel Corporation / IOTG RSD

Join EdgeX-TSC-Security@lists.edgexfoundry.org to automatically receive all group messages.