Rule Description
Check and harden Docker containers periodically to ensure that they keep running as intended. Security hardening includes, but is not limited to, the suggestions in the following sections, which are for reference only. For details, see the relevant official Docker documentation.
Docker is not within the delivery scope of the solution. To ensure Docker security, you are advised to deploy a container intrusion detection tool that detects malicious behavior targeting containers, and to monitor the host in real time so that anomalies are detected and handled promptly.
The host OS on which Docker runs must be hardened according to the applicable hardening specifications or guides to prevent host vulnerabilities. All containers share the host kernel, so a compromised host exposes every container on it. If the host OS is not hardened, security vulnerabilities and configuration violations may exist.
Docker security hardening measures include but are not limited to: hardening the host OS, configuring strict access control policies (for example, restricting access to the Docker daemon socket, not running containers as privileged or as root, and mounting only the host paths a container needs), limiting the resource quota of each Docker container (CPU, memory, and number of processes), prohibiting untrusted images (pulling only from trusted registries and pinning images to a tag or digest), periodically performing security scans of images and hosts, and installing patches promptly.
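The access control, resource quota, and untrusted image checks in the list above can be verified periodically against the output of docker inspect. The script below is an added example written for this page and is not part of the original document or of Docker itself. The trusted registry prefix, the list of sensitive host paths, and the two sample docker inspect records are constructed assumptions; adjust them to your environment.

```python
"""Audit `docker inspect` output for common Docker container hardening gaps.

Added example, not from the original page. Usage on a live host:
    docker inspect $(docker ps -q) | python3 docker_audit.py
Run without stdin input it audits the constructed SAMPLE_INSPECT below.
"""
import json
import sys

# Assumption (not from the page): images are trusted only when they come
# from the organization's own registry.
TRUSTED_REGISTRY_PREFIXES = ("registry.example.com/",)

# Assumption: host paths that must never be bind-mounted into an
# application container. Mounting the daemon socket is equivalent to root
# on the host.
SENSITIVE_HOST_PATHS = ("/", "/var/run/docker.sock", "/etc", "/proc", "/sys")


def audit_container(container):
    """Return (name, findings) for one element of `docker inspect` output."""
    findings = []
    name = container.get("Name", "").lstrip("/")
    host_cfg = container.get("HostConfig") or {}
    cfg = container.get("Config") or {}

    # Access control: privileged mode, sensitive bind mounts, added
    # capabilities, missing no-new-privileges, root user, writable rootfs.
    if host_cfg.get("Privileged"):
        findings.append("privileged container")
    sources = [b.split(":", 1)[0] for b in host_cfg.get("Binds") or []]
    sources += [m.get("Source", "") for m in container.get("Mounts") or []
                if m.get("Type") == "bind"]
    for src in sorted(set(sources)):
        if src in SENSITIVE_HOST_PATHS:
            findings.append("sensitive host path mounted: " + src)
    caps = host_cfg.get("CapAdd") or []
    if "ALL" in caps or "SYS_ADMIN" in caps:
        findings.append("dangerous capability added: " + ",".join(caps))
    sec_opts = host_cfg.get("SecurityOpt") or []
    if not any(o.startswith("no-new-privileges") for o in sec_opts):
        findings.append("no-new-privileges not set")
    if not cfg.get("User"):
        findings.append("runs as root (no User set)")
    if not host_cfg.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")

    # Resource quota: 0 or null means unlimited for memory and CPU; for
    # PidsLimit, 0, -1 and null all mean unlimited.
    if not host_cfg.get("Memory"):
        findings.append("no memory limit")
    if not host_cfg.get("NanoCpus") and not host_cfg.get("CpuQuota"):
        findings.append("no CPU limit")
    pids = host_cfg.get("PidsLimit")
    if not pids or pids < 0:
        findings.append("no PIDs limit")

    # Untrusted images: must come from the trusted registry and be pinned
    # to a tag or digest rather than floating on :latest or no tag.
    image = cfg.get("Image", "")
    last = image.rsplit("/", 1)[-1]
    if not image.startswith(TRUSTED_REGISTRY_PREFIXES):
        findings.append("image not from a trusted registry: " + image)
    elif image.endswith(":latest") or (":" not in last and "@" not in last):
        findings.append("image not pinned to a tag or digest: " + image)
    return name, findings


def audit_inspect_json(text):
    """Map container name -> list of findings for a docker inspect JSON array."""
    return dict(audit_container(c) for c in json.loads(text))


# Constructed sample: one weak container and one hardened container.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/web-weak",
     "Config": {"Image": "nginx:latest", "User": ""},
     "HostConfig": {"Privileged": True,
                    "Binds": ["/var/run/docker.sock:/var/run/docker.sock"],
                    "CapAdd": None, "SecurityOpt": None,
                    "ReadonlyRootfs": False, "Memory": 0, "NanoCpus": 0,
                    "CpuQuota": 0, "PidsLimit": None}},
    {"Name": "/web-hardened",
     "Config": {"Image": "registry.example.com/web:1.4.2",
                "User": "10001:10001"},
     "HostConfig": {"Privileged": False,
                    "Binds": ["/srv/web/static:/usr/share/nginx/html:ro"],
                    "CapAdd": None, "CapDrop": ["ALL"],
                    "SecurityOpt": ["no-new-privileges"],
                    "ReadonlyRootfs": True, "Memory": 268435456,
                    "NanoCpus": 500000000, "CpuQuota": 0, "PidsLimit": 200}},
])

if __name__ == "__main__":
    raw = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_INSPECT
    for cname, found in audit_inspect_json(raw).items():
        print(cname + ":" + (" OK" if not found else ""))
        for item in found:
            print("  - " + item)
```

The script only reads configuration; it does not prove a container is safe, and it says nothing about image vulnerabilities or host patch level, which still need a scanner and the host hardening guide. Run it from a periodic job and treat any finding on a production container as a deviation to be fixed or formally accepted.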