-
Notifications
You must be signed in to change notification settings - Fork 2
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
14 changed files
with
2,462 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| # Container | ||
|
|
||
| ## Container Grundlagen | ||
|
|
||
| ### Was ist ein Container? | ||
|
|
||
| Ein Container ist eine isolierte Umgebung, die eine Anwendung und alle ihre Abhängigkeiten enthält. Container teilen sich das Betriebssystem des Hosts, aber jede Container-Anwendung läuft isoliert im Benutzermodus. | ||
|
|
||
| ### Container vs. VMs | ||
|
|
||
|  | ||
|
|
||
| ### Virtual Machines | ||
|  | ||
|
|
||
| ### Container | ||
|  | ||
|
|
||
| ### Container Security | ||
|  |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| # Dockerfile | ||
|
|
||
| ## Problemstellung | ||
| ### Keine Reproduzierbarkeit beim Base Image | ||
| - Base Image ist nicht reproduzierbar | ||
| - Base Image ist nicht verifizierbar | ||
|
|
||
| #### Lösung | ||
| - Base Image selbst bauen | ||
| - Base Image verifizieren | ||
| - Base Image Version pinning | ||
|
|
||
| ### Keine Reproduzierbarkeit beim Build | ||
| - Build ist nicht reproduzierbar | ||
| - Build ist nicht verifizierbar | ||
|
|
||
| #### Lösung | ||
| - Build verifizieren | ||
| - Build Version pinning (package-lock.json, Gemfile.lock, requirements.txt) | ||
|
|
||
| ### Layering | ||
| - Falsche Reihenfolge der Layer | ||
|
|
||
| #### Lösung | ||
| - Dateien mit häufigen Änderungen nach unten | ||
|
|
||
| ### Root User | ||
| - Root User in Container | ||
|
|
||
| #### Lösung | ||
| - Letzer User sollte nicht root sein |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| # Application iceberg concept | ||
|
|
||
|  |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| # BAD EXAMPLE - DO NOT USE | ||
| FROM python:latest | ||
| RUN pip install flask | ||
| COPY app.py / | ||
| USER root | ||
| CMD [ "python", "./app.py" ] |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| FROM python:3.7.3-stretch@sha256:a1c56db383e4169ce242f88c527608869afcb813e55b29d46ca3476b3edc4de7 | ||
| COPY requirements.txt /tmp/ | ||
| RUN pip install -r /tmp/requirements.txt --no-cache-dir && useradd --create-home appuser | ||
| WORKDIR /home/appuser | ||
| USER appuser | ||
| COPY app.py . | ||
| CMD [ "python", "./app.py" ] |
1 change: 1 addition & 0 deletions
1
2_supplychain/2_praxis/DemoContainerSecurity/Demo/container/requirements.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1 @@ | ||
| Flask==2.0.1 |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Oops, something went wrong.