Documentation
Index
- type DockerBenchmarker
- func (bm *DockerBenchmarker) CheckAdd()
- func (bm *DockerBenchmarker) CheckDisallowedPackages()
- func (bm *DockerBenchmarker) CheckHealthCheck()
- func (bm *DockerBenchmarker) CheckNonRootUser()
- func (bm *DockerBenchmarker) CheckRunUpdateOnly()
- func (bm *DockerBenchmarker) CheckSecretsInsideImage()
- func (bm *DockerBenchmarker) CheckTrustedBaseImages()
- func (bm *DockerBenchmarker) GetViolationReport() benchmark.ViolationReport
- func (bm *DockerBenchmarker) IsTrustedBaseImage(image string) bool
- func (bm *DockerBenchmarker) ParseDockerfile(file string) error
- func (bm *DockerBenchmarker) RunBenchmark()
- func (bm *DockerBenchmarker) SetDisallowedPackages(packages []string)
- func (bm *DockerBenchmarker) SetSecretPattern(patterns []string)
- func (bm *DockerBenchmarker) SetTrustedBaseImages(images []string)
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type DockerBenchmarker
type DockerBenchmarker struct {
// contains filtered or unexported fields
}
func NewDockerBenchmarker
func NewDockerBenchmarker() *DockerBenchmarker
NewDockerBenchmarker returns a new DockerBenchmarker.
func (*DockerBenchmarker) CheckAdd
func (bm *DockerBenchmarker) CheckAdd()
CIS 4.9: Use COPY instead of ADD in the Dockerfile
func (*DockerBenchmarker) CheckDisallowedPackages
func (bm *DockerBenchmarker) CheckDisallowedPackages()
CIS 4.3: Do not install unnecessary packages in the container
func (*DockerBenchmarker) CheckHealthCheck
func (bm *DockerBenchmarker) CheckHealthCheck()
CIS 4.6: Add a HEALTHCHECK instruction to the container image
func (*DockerBenchmarker) CheckNonRootUser
func (bm *DockerBenchmarker) CheckNonRootUser()
CIS 4.1: Create a user for the container
func (*DockerBenchmarker) CheckRunUpdateOnly
func (bm *DockerBenchmarker) CheckRunUpdateOnly()
CIS 4.7: Do not use update instructions alone in the Dockerfile
func (*DockerBenchmarker) CheckSecretsInsideImage
func (bm *DockerBenchmarker) CheckSecretsInsideImage()
CIS 4.10: Do not store secrets in Dockerfiles (checks LABEL and ENV instructions only)
func (*DockerBenchmarker) CheckTrustedBaseImages
func (bm *DockerBenchmarker) CheckTrustedBaseImages()
CIS 4.2: Use trusted base images for containers
func (*DockerBenchmarker) GetViolationReport
func (bm *DockerBenchmarker) GetViolationReport() benchmark.ViolationReport
GetViolationReport returns the benchmark violation report.
func (*DockerBenchmarker) IsTrustedBaseImage
func (bm *DockerBenchmarker) IsTrustedBaseImage(image string) bool
func (*DockerBenchmarker) ParseDockerfile
func (bm *DockerBenchmarker) ParseDockerfile(file string) error
func (*DockerBenchmarker) RunBenchmark
func (bm *DockerBenchmarker) RunBenchmark()
RunBenchmark runs the benchmark checks.
func (*DockerBenchmarker) SetDisallowedPackages
func (bm *DockerBenchmarker) SetDisallowedPackages(packages []string)
func (*DockerBenchmarker) SetSecretPattern
func (bm *DockerBenchmarker) SetSecretPattern(patterns []string)
func (*DockerBenchmarker) SetTrustedBaseImages
func (bm *DockerBenchmarker) SetTrustedBaseImages(images []string)