From 8d91b99f8a43ba616fb247b2590e8b06640fc60a Mon Sep 17 00:00:00 2001 From: Tianning Liang <646432316@qq.com> Date: Sun, 8 Sep 2024 12:21:12 +0200 Subject: [PATCH] Week 5: demo proposal (#2432) * Demo proposol * Update README.md --- .../demo/week5/tianning-peiyang/README.md | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 contributions/demo/week5/tianning-peiyang/README.md diff --git a/contributions/demo/week5/tianning-peiyang/README.md b/contributions/demo/week5/tianning-peiyang/README.md new file mode 100644 index 0000000000..0b6cbe1cb4 --- /dev/null +++ b/contributions/demo/week5/tianning-peiyang/README.md 
@@ -0,0 +1,28 @@ +# Assignment Proposal + +## Title + +Dockerfile Compliance Scanning with Docker Bench and Trivy + +## Names and KTH ID + +- Tianning Liang (tianning@kth.se) +- Peiyang Zheng (peiyang@kth.se) + +## Deadline + +- Week 5 + +## Category + +- Demo + +## Description + +In this demo, we will focus on how Dockerfile compliance scanning can be integrated into an Infrastructure as Code (IaC) workflow to ensure the security and stability of containerized applications. We will use tools such as Docker Bench and Trivy to automatically scan Dockerfiles and Docker images for security vulnerabilities and best practice violations. + +The demo will walk through the process of writing a non-compliant Dockerfile, running compliance scans, and fixing the detected issues. We will show how these tools can be integrated into a CI/CD pipeline to ensure that Docker containers, as part of an IaC workflow, are compliant with security and operational standards. By automating the scanning process, we reduce the risk of deploying vulnerable containers in production environments, which is critical for maintaining infrastructure security. + +**Relevance** + +Docker containers are a key component in modern Infrastructure as Code practices, as they are widely used to package applications and services. Ensuring the compliance and security of Docker containers is an essential step in managing infrastructure at scale. This demo is relevant by demonstrating how to use compliance scanning tools to enforce security standards in containerized environments. By integrating these scans into an IaC pipeline, we can automate compliance checks and improve the reliability and security of infrastructure deployments.
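Review bot: The Description (the "We will use tools such as Docker Bench and Trivy to automatically scan Dockerfiles and Docker images" sentence) conflates what the two tools check, and the proposal would be clearer if it said which artifact each one covers. Docker Bench for Security audits a Docker host against the CIS Docker Benchmark (daemon configuration, host hardening, running-container settings) rather than Dockerfiles, whereas Trivy scans images for vulnerable packages and can also flag Dockerfile misconfigurations. Splitting the sentence along those lines, e.g. "Trivy to scan the Dockerfile and the built image, and Docker Bench for Security to audit the host the demo runs on", would make the demo's scope accurate and set expectations for the "fixing the detected issues" step, since host-level findings are not fixed by editing the Dockerfile. Two smaller points on the same section: the CI/CD integration paragraph does not name the pipeline system the demo will use, and the README has no link to either tool's repository, which the other demo proposals in this directory typically include.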