Image Linter for Security, Helping build the Best-Practice Docker Image
https://github.com/future-architect/vuls
Agent-less VULnerable Scanner
All-round vulnerability scanner
https://github.com/aquasecurity/trivy
Simple and Comprehensive Vulnerability Scanner for Containers, Suitable for CI
OS or Ubuntu
• Container Runtime : gVisor
• Image Registry : GCR
• Docker Daemon : Managed
• Orchestration Tool : need to be configured
• Container Image : easy to control
It is difficult to control them except for Container Image.
Managed
Registry : ECR
• Container Runtime : Managed
• Docker Daemon : difficult to control
• Orchestration Tool : original tool
• Container Image : easy to control
It is difficult to control them except for Container Image.
Managed
of the repository is very simple.
https://github.com/tomoyamachi/imagecheck-for-gocon
If you want to create a better design, please check aquasecurity/trivy and goodwithtech/dockle.

nginx setting
Built-in Rule - Use LTSV log format
Matching
Analyze nginx.conf nginx/conf.d/
/path/to/project $ go run main.go nginx:latest
2019/10/21 01:49:28 Start assessments...
2019/10/21 01:49:28 etc/nginx/nginx.conf: Expect log format contains "ltsv" but "main;"
Exit status 1

Now we can check nginx log format!!
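
The built-in rule above (every access_log directive must use the ltsv format), sketched as an added Go example; it is not code from the imagecheck-for-gocon repository. The names Finding, CheckAccessLogFormat and sampleConf are hypothetical, the config is constructed, and the scan assumes one directive per line.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Constructed sample config (not taken from any real image).
const sampleConf = `http {
    log_format ltsv "time:$time_local\thost:$remote_addr";
    access_log /var/log/nginx/access.log main;
    # access_log /var/log/nginx/old.log main;
    server {
        access_log /var/log/nginx/app.log ltsv;
        access_log /var/log/nginx/api.log;
    }
}`

// Finding is a hypothetical result type: one non-compliant access_log directive.
type Finding struct{ File string; Line int; Format string }

// CheckAccessLogFormat (hypothetical name) returns every access_log directive
// in conf whose format name differs from want. Assumes one directive per line.
func CheckAccessLogFormat(file, conf, want string) []Finding {
	var out []Finding
	sc := bufio.NewScanner(strings.NewReader(conf))
	for n := 1; sc.Scan(); n++ {
		line, _, _ := strings.Cut(sc.Text(), "#") // drop comments
		f := strings.Fields(strings.TrimSuffix(strings.TrimSpace(line), ";"))
		if len(f) < 2 || f[0] != "access_log" || f[1] == "off" {
			continue // not an active access_log directive
		}
		format := "" // no format given: nginx falls back to "combined"
		if len(f) >= 3 {
			format = f[2] // syntax: access_log path [format [options...]]
		}
		if format != want {
			out = append(out, Finding{file, n, format})
		}
	}
	return out
}

func main() {
	for _, f := range CheckAccessLogFormat("etc/nginx/nginx.conf", sampleConf, "ltsv") {
		fmt.Printf("%s:%d: expect log format %q but got %q\n", f.File, f.Line, "ltsv", f.Format)
	}
}
```

An access_log directive with no format name is reported too, because nginx then logs in its default combined format rather than ltsv.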