Test docker image(s).
✏️ Set environment variables. Example:

    export BENCH_LOG_FILE_NAME=debian-11.scan
    export BENCH_TARGET_DOCKER_IMAGE=debian:11

Run the docker container. Example:

    sudo docker run \
      --cap-add audit_control \
      --env DOCKER_CONTENT_TRUST=$DOCKER_CONTENT_TRUST \
      --interactive \
      --label docker_bench_security \
      --net host \
      --pid host \
      --rm \
      --tty \
      --userns host \
      --volume /etc:/etc \
      --volume /usr/bin/docker-containerd:/usr/bin/docker-containerd \
      --volume /usr/bin/docker-runc:/usr/bin/docker-runc \
      --volume /usr/lib/systemd:/usr/lib/systemd \
      --volume /var/lib:/var/lib \
      --volume /var/run/docker.sock:/var/run/docker.sock \
      --volume ${PWD}:/output \
      docker/docker-bench-security \
      -b \
      -l /output/${BENCH_LOG_FILE_NAME} \
      -t ${BENCH_TARGET_DOCKER_IMAGE}

The ${BENCH_LOG_FILE_NAME} file will be in the ${PWD} directory.
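
One way to triage the resulting log file, as an added example that is not part of the original page or of docker-bench-security itself. It assumes the `-b` log has one check per line in the form `[STATUS] <id> - <description>`; the function names and the sample log are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumes the log was written with -b (no ANSI colors) and that
# each check line looks like "[STATUS] <id> - <description>" (assumed format).

# count_status FILE STATUS: print how many numbered checks have that status.
# Indented detail lines ("[WARN]      * ...") carry no check id and are skipped.
count_status() {
    grep -Ec "^\[$2\] +[0-9]+(\.[0-9]+)* " "$1" || true
}

# failed_checks FILE: print "<id> <description>" for every WARN check, by id.
failed_checks() {
    sed -En 's/^\[WARN\] +([0-9]+(\.[0-9]+)*) +- +(.*)$/\1 \3/p' "$1" |
        sort -t. -k1,1n -k2,2n
}

# gate FILE MAX: succeed only if the number of WARN checks is at most MAX.
gate() {
    [ "$(count_status "$1" WARN)" -le "$2" ]
}

# Constructed sample log (not real scan output).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[INFO] 4 - Container Images and Build File
[WARN] 4.1 - Ensure that a user for the container has been created
[WARN]      * Running as root: demo
[NOTE] 4.2 - Ensure that containers use only trusted base images
[PASS] 4.5 - Ensure Content trust for Docker is Enabled
[WARN] 4.6 - Ensure that HEALTHCHECK instructions have been added to container images
[WARN]      * No Healthcheck found: [debian:11]
EOF

log=${1:-$sample}   # pass "${PWD}/${BENCH_LOG_FILE_NAME}" to check a real scan
echo "PASS=$(count_status "$log" PASS) WARN=$(count_status "$log" WARN)"
failed_checks "$log"
```

In a CI job, `gate "${PWD}/${BENCH_LOG_FILE_NAME}" 0` fails the step as soon as any check is reported as WARN.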