Automated checks for Docker hosts and containers against the CIS Docker Benchmark
- Stars9.7k
- Forks1k
- Open Issues27
Apache-2.0
- Shell
- Dockerfile
About Docker Bench for Security
Docker Bench for Security checks Docker deployments against common best practices for running containers in production. Its automated tests follow the CIS Docker Benchmark v1.6.0, letting you self-assess hosts and containers against that baseline.
The script runs from a base host or inside a Docker container. You can run all tests or target specific check IDs and groups, exclude checks, filter by container or image name, and limit reported items in JSON output. Results are written as JSON and plain text logs, and remediation steps print by default.
It requires Docker 1.13.0 or later. The tool runs locally with broad host access rather than as a hosted service, and it supports running on Docker Desktop for macOS with a few path adjustments.
Key features
- Automated CIS Docker Benchmark v1.6.0 checks
- Run all checks or target specific check IDs and groups
- JSON and plain text log output
- Filter or exclude by container or image name
- Remediation measures printed by default
Details
- First released
- 2015
- Benchmark
- CIS Docker Benchmark v1.6.0
- Requires
- Docker 1.13.0 or later
- Platforms
- Linux · Docker · macOS
- Output
- JSON · plain text logs