Creating safe and secure custom Docker images

Allie Hajian

Learn how to avoid risks and follow best practices in creating safe and secure Docker images.

If you're bringing your own Docker image, please consider the following security advisory: if you base your image on anything other than Terra base images, you must decide whether you trust the image provider. Building on somebody else's work saves time, but it is a risk. From a security point of view, there are safer paths to a custom Docker image than pulling a third-party image and using it as-is.

What's the risk of a third-party image?  

Because anyone can publish an image on Docker Hub, a third-party image may contain malware or insecure software, or may ship with insecure settings. One common outcome is cryptojacking: for example, a malicious actor stores a malicious script as a GitHub gist and has the Dockerfile RUN curl to fetch and execute it when the container is built. See this example of a malicious image in Docker Hub.

Best practices

Limit packages

Every package you install widens the attack surface, so don't install packages your container doesn't need.

Recreate from scratch with the third-party image as a template

Inspect the Dockerfile and include only the parts you can verify and trust. Note: Auditing a Dockerfile can take as long as configuring the image yourself.

Publishing your own images: public versus non-public options

Note: Your Docker image does not have to be public if you host it in Google Container Registry (GCR). If you host it on Docker Hub, however, the image must be public.

Using Terra base images

Terra base images are curated and trusted. Learn how to create a custom image using our base images here.
