Omer Levi Hevroni and I have whipped up a guide consisting of 10 Docker image security best practices: https://snyk.io/blog/10-docker-image-security-best-practices/
🐳 Use a linter to enforce Dockerfile best practices
🐳 Sign and verify images to mitigate MITM attacks
🐳 Use COPY instead of ADD
More in this docker security cheatsheet: [https://snyk.io/blog/10-docker-image-security-best-practices/](https://snyk.io/blog/10-docker-image-security-best-practices/)
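As an added example (not code from the Snyk guide or this post), here is a tiny linter-style check for the "use COPY instead of ADD" rule, run over a constructed Dockerfile that uses ADD and over the same file after the fix; the archive URL and the checksum placeholder are assumptions.

```shell
#!/bin/sh
# ADD fetches remote URLs and auto-extracts local tar archives, so it can pull in
# content a reviewer never sees in the build context. COPY only copies files as-is.

# Constructed sample Dockerfile with the weak instruction (three ADDs, one lowercase):
WEAK_DOCKERFILE='FROM alpine:3.19
ADD https://example.com/app.tar.gz /opt/
ADD app.tar.gz /opt/
  add config.yml /etc/app/
COPY entrypoint.sh /usr/local/bin/
CMD ["/usr/local/bin/entrypoint.sh"]'

# Same file after applying the rule: the download is explicit and checksum-verified,
# the extraction is explicit, and plain files are copied with COPY.
# "<expected sha256>" is a placeholder for the real digest of the archive.
FIXED_DOCKERFILE='FROM alpine:3.19
RUN wget -O /tmp/app.tar.gz https://example.com/app.tar.gz \
 && echo "<expected sha256>  /tmp/app.tar.gz" | sha256sum -c - \
 && tar -xzf /tmp/app.tar.gz -C /opt/ && rm /tmp/app.tar.gz
COPY app.tar.gz /opt/app.tar.gz
COPY config.yml /etc/app/
COPY entrypoint.sh /usr/local/bin/
CMD ["/usr/local/bin/entrypoint.sh"]'

# lint_add_instructions DOCKERFILE_CONTENT
# Reports every ADD instruction (any case, leading whitespace allowed) on stderr
# with a suggested fix, and prints the number of findings on stdout.
lint_add_instructions() {
  printf '%s\n' "$1" | awk '
    toupper($1) == "ADD" {
      printf "line %d: %s  -> use COPY (or RUN wget/curl + checksum for URLs)\n", NR, $0 > "/dev/stderr"
      n++
    }
    END { print n + 0 }'
}

# Running the check over both files: the weak one yields 3 findings, the fixed one 0.
echo "weak Dockerfile findings:  $(lint_add_instructions "$WEAK_DOCKERFILE")"
echo "fixed Dockerfile findings: $(lint_add_instructions "$FIXED_DOCKERFILE")"
```

A real Dockerfile linter such as hadolint covers this rule and many more; the point here is that the rule is mechanical enough to enforce in CI rather than in code review.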
I'm thinking the one bullet point about Notary is something you'd probably enable as a consumer, but I've hardly ever seen any organization that follows it to sign their images, because the process is quite cumbersome.
What else will you add to the guide that you're doing?