Last updated May 16, 2019

When writing containers for a local development environment, security is often a lesser concern. This is fine as long as we never intend to put the containers we create in a production environment.

When we do want to make production-ready containers, however, our priorities change. While Docker tries to be secure by default, it can't protect us from badly configured or vulnerable applications. For that, we need to design our images to be more secure.

In this tutorial, we'll:

  • Outline the best practices for writing secure container images
  • Introduce the USER directive
  • Set file ownership using COPY and ADD
  • Use the RUN directive to set file permissions