Omer Levi Hevroni and I have whipped up a guide consisting of 10 Docker image security best practices https://snyk.io/blog/10-docker-image-security-best-practices/
🐳 Use a linter to enforce Dockerfile best practices
🐳 Sign and verify images to mitigate MITM attacks
🐳 Use COPY instead of ADD
More in this docker security cheatsheet: [https://snyk.io/blog/10-docker-image-security-best-practices/](https://snyk.io/blog/10-docker-image-security-best-practices/)
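The first and third bullets above (lint the Dockerfile, prefer COPY over ADD) are the kind of thing a linter catches mechanically. The following is an added example, not code from the Snyk guide or from any linter it recommends (hadolint is the real tool for this job): a small Python checker that parses a Dockerfile, joining backslash continuations, and flags an unpinned base image, any ADD (with a sharper message when it fetches a remote URL, which Docker does with no integrity check), apt-get installs without --no-install-recommends, and a final stage that still runs as root. The rule names and the two sample Dockerfiles are my own constructions.

```python
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple


@dataclass(frozen=True)
class Finding:
    line: int      # 1-based line where the offending instruction starts
    rule: str      # illustrative rule name (not hadolint's DLxxxx codes)
    message: str


def parse_dockerfile(text: str) -> Iterator[Tuple[int, str, str]]:
    """Yield (line_no, INSTRUCTION, args), joining backslash continuations
    and skipping blank lines and comments."""
    buf: List[str] = []
    start = 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not buf:
            if not line or line.startswith("#"):
                continue
            start = n
        if line.endswith("\\"):
            buf.append(line[:-1].rstrip())
            continue
        buf.append(line)
        stmt = " ".join(buf)
        buf = []
        instr, _, args = stmt.partition(" ")
        yield start, instr.upper(), args.strip()


def _is_pinned(image_ref: str) -> bool:
    """A ref is pinned if it carries a digest or a tag other than 'latest'.
    Only the last path component is inspected, so registry:5000/img works."""
    if "@sha256:" in image_ref:
        return True
    last = image_ref.rsplit("/", 1)[-1]
    return ":" in last and not last.endswith(":latest")


def lint_dockerfile(text: str) -> List[Finding]:
    findings: List[Finding] = []
    stages = set()            # names from 'FROM x AS name', allowed as later bases
    last_user = "root"        # Docker's default when no USER instruction appears
    last_line = 0
    for n, instr, args in parse_dockerfile(text):
        last_line = n
        toks = [t for t in args.split() if not t.startswith("--")]  # drop flags such as --platform
        if instr == "FROM":
            image = toks[0]
            if len(toks) >= 3 and toks[1].upper() == "AS":
                stages.add(toks[2])
            if image not in stages and image != "scratch" and not _is_pinned(image):
                findings.append(Finding(n, "unpinned-base",
                    f"base image {image!r} uses a floating tag; pin a tag or @sha256 digest"))
        elif instr == "ADD":
            remote = any(t.startswith(("http://", "https://")) for t in toks)
            why = ("fetches a remote URL with no integrity check" if remote
                   else "auto-extracts archives and has URL semantics COPY lacks")
            findings.append(Finding(n, "add-instead-of-copy", f"ADD {why}; prefer COPY"))
        elif instr == "USER":
            last_user = toks[0].split(":")[0]
        elif instr == "RUN" and re.search(r"\bapt-get\s+install\b", args) \
                and "--no-install-recommends" not in args:
            findings.append(Finding(n, "apt-recommends",
                "apt-get install without --no-install-recommends bloats the attack surface"))
    if last_user in ("root", "0"):
        findings.append(Finding(last_line, "runs-as-root",
            "final stage runs as root (no USER instruction, or USER root)"))
    return findings


# Constructed sample Dockerfiles (not from the guide) to exercise the checker.
WEAK_DOCKERFILE = """\
FROM node:latest
ADD https://example.com/app.tar.gz /app/
RUN apt-get update && apt-get install -y curl
CMD ["node", "server.js"]
"""

HARDENED_DOCKERFILE = """\
# Build stage: pinned tag, dependencies installed from the lockfile
FROM node:20-bookworm-slim AS build
WORKDIR /app
COPY package*.json ./
RUN npm ci --omit=dev
COPY . .

# Runtime stage: only the built app, non-root user
FROM node:20-bookworm-slim
RUN apt-get update && \\
    apt-get install -y --no-install-recommends ca-certificates
COPY --from=build /app /app
USER node
CMD ["node", "/app/server.js"]
"""

if __name__ == "__main__":
    for name, df in (("weak", WEAK_DOCKERFILE), ("hardened", HARDENED_DOCKERFILE)):
        results = lint_dockerfile(df)
        print(f"== {name}: {len(results)} finding(s)")
        for f in results:
            print(f"  line {f.line}: [{f.rule}] {f.message}")
```

Run it as a script and the weak Dockerfile produces four findings while the hardened one produces none. Wiring `lint_dockerfile` into CI with a non-zero exit on any finding is the "use a linter" bullet in practice; the image-signing bullet is a separate step at push and pull time that no Dockerfile check can substitute for.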
I'm thinking the one bullet point about Notary is something you'd probably enable as a consumer, but I've hardly ever seen any organization that follows it to sign their images, because the process is quite cumbersome.
What else will you add to the guide that you're doing?
The UX of image signing isn’t great today, meaning it’s hardly ever used anywhere.
What can be done about this?
The Ultimate Docker Security Best Practices for Your Node.js Application
https://www.clickittech.com/devops/docker-security-best-practices/
There are multiple [docker security best practices](https://www.clickittech.com/devops/docker-security-best-practices/). One of them is that it would be ideal if you maintained Docker up to date at all times. Updating and upgrading the code and features to reflect the most recent advances and trends is what it means to be up to date. This is critical for security, as containers are exposed to new threats on a daily basis. With an up-to-date practice, you can keep Docker ready for future security concerns and threats.