Verify the security of the generated container.
TheBellman opened this issue · comments
Even though the Docker container sits on top of an official python container (https://hub.docker.com/_/python), which in turn sits on top of an official Debian container, we should exercise due diligence and run some standard tests against the container to verify there are no known vulnerabilities.
A simple scan through microbadger (https://microbadger.com/images/python:3.7-slim-buster) is a start, as it helps confirm the layers in the container, but there are a variety of other tools that can be applied to test against known vulnerabilities, e.g.
- https://github.com/quay/clair
- https://github.com/anchore/anchore-engine
- https://github.com/eliasgranderubio/dagda
We will then be able to make an assertion in the documentation that we have performed these checks.