Docker Security Best Practices
Know Your Software Bill of Materials (SBOM)
Inside the container, install only the packages the workload actually needs and leave out everything else: every extra package is more code an attacker can reach and more vulnerabilities you have to track and patch. To see what an image actually contains, query its package manager (apk on Alpine, dpkg on Debian/Ubuntu, for example `dpkg-query -W -f '${Package}\n'`) from inside a container started from that image:
# Example with Alpine Linux: start a throwaway container that stays up
docker run -d --name my_alpine alpine:latest tail -f /dev/null
# Get the container ID (the container name would also work with docker exec)
CONTAINER_ID=$(docker ps -qf "name=my_alpine")
# List installed packages (-t without a TTY would fail in a script; add -v to include versions)
docker exec "$CONTAINER_ID" apk info
# Remove the throwaway container when done
docker rm -f my_alpine
Dedicated SBOM (Software Bill of Materials) tools go further: they inventory OS packages and language-level dependencies (for example Python or Node.js modules) that the OS package manager does not know about, and they emit standard formats such as SPDX and CycloneDX that can be diffed between builds or fed to a vulnerability scanner. Tools like Syft can generate an SBOM for your container images:
# Install Syft. This pipes a remote script into a shell, which is itself a
# supply-chain risk: download and read the script first, or install Syft from
# a signed release/package instead of the raw install script.
curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
# Generate an SBOM for a Docker image (human-readable table)
syft docker:alpine:latest -o table
# Machine-readable formats for archiving, diffing or scanning: -o spdx-json, -o cyclonedx-json
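Both listings above are only useful if someone compares them against what the image is supposed to contain. The following script is an added example, not code from the original page or from the Syft project: it diffs a package list (the names printed by `apk info`, or the NAME column of a Syft table) against an allowlist and reports whatever is installed but not expected. The package names in SAMPLE_APK_INFO and ALLOWLIST are constructed sample data standing in for real `docker exec ... apk info` output, and the script assumes only POSIX sh, `sort`, `grep` and `mktemp`.

```shell
#!/bin/sh
# Added example (not from the original page): diff an image's installed
# package list against an allowlist of packages the image is supposed to
# contain, so unexpected additions stand out. Package names below are
# constructed sample data, not the contents of a real image.
set -eu

# Constructed stand-in for the output of
#   docker exec "$CONTAINER_ID" apk info
# on a small Alpine-based image; curl and git were added "for convenience".
SAMPLE_APK_INFO='musl
busybox
alpine-baselayout
alpine-keys
libcrypto3
libssl3
ca-certificates-bundle
apk-tools
scanelf
ssl_client
zlib
curl
git'

# Constructed allowlist: the packages the image is expected to ship with.
ALLOWLIST='alpine-baselayout
alpine-keys
apk-tools
busybox
ca-certificates-bundle
libcrypto3
libssl3
musl
scanelf
ssl_client
zlib'

# unexpected_packages INSTALLED ALLOWED
# Both arguments are newline-separated package names. Prints, sorted and
# one per line, every installed package that is not on the allowlist.
unexpected_packages() {
    allowed_file=$(mktemp)
    printf '%s\n' "$2" | sort -u > "$allowed_file"
    # grep -F -x -v -f: drop installed lines that exactly match an allowed
    # name. grep exits 1 when nothing is left, which is not an error here.
    printf '%s\n' "$1" | sort -u | grep -F -x -v -f "$allowed_file" || true
    rm -f "$allowed_file"
}

# count_unexpected INSTALLED ALLOWED
# Prints the number of unexpected packages (0 when the image is clean),
# which is the value a CI job would gate on.
count_unexpected() {
    unexpected_packages "$1" "$2" | grep -c . || true
}

echo "Packages installed but not on the allowlist:"
unexpected_packages "$SAMPLE_APK_INFO" "$ALLOWLIST"
echo "count: $(count_unexpected "$SAMPLE_APK_INFO" "$ALLOWLIST")"
```

Against a real image, replace the constructed strings with captured output, for example `unexpected_packages "$(docker exec "$CONTAINER_ID" apk info)" "$(cat allowlist.txt)"`, and fail the build when `count_unexpected` is non-zero. The allowlist is the important artifact: keep it in version control next to the Dockerfile so that every new package is a reviewed change rather than a silent addition.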