-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(Docker): add Secrets, Compose v2, Supply Chain Security, Podman #1301
Conversation
- Updates Docker Compose references to use v2 `docker compose` command - Change ICC recommendation to use network policies instead of disabling Signed-off-by: otkd <[email protected]>
- Following existing syntax adds Rule OWASP#13 covering Docker Secrets Signed-off-by: otkd <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall I really like this. This is a much needed update and also improves the grammar of the cheat sheet. I left a few comments and suggestions, feel free to let me know if you disagree with any of them.
Co-authored-by: Shlomo Zalman Heigh <[email protected]>
- Merges the linting and container scanning section into a single rule - Fixes issue in proposed solution in Rule 10 doesn’t actually help implement the suggestion - Expand rootless mode - Add high level practices covering Docker supply chain security - Add Podman as an alternative to Docker for secure defaults Signed-off-by: otkd <[email protected]>
@szh agree with all of them, also prompted me to take a look at some of the other sections which I've updated as well |
docker compose
commandThank you for submitting a Pull Request (PR) to the Cheat Sheet Series.
Please make sure that for your contribution:
[TEXT](URL)
If your PR is related to an issue, please finish your PR text with the following line:
This PR covers issue #.
Thank you again for your contribution 😃