Securing applications with secure Docker images
I've covered many aspects of securing containers at runtime, but the Docker platform provides security in depth that starts before any containers are run. You start securing your application by securing the image that packages your application.
Building minimal images
It's unlikely that an attacker can compromise your application and gain access to the container, but you should build your image to mitigate the damage if that happens. Building a minimal image is key. The ideal Docker image should contain nothing more than the application and the dependencies it needs to run.
This is more difficult to achieve for Windows applications than for Linux apps. A Docker image for a Linux app can use a minimal distribution as the base, packaging just the application binaries on top. The attack surface for that image is very small. Even if an attacker gained access to the container, they would find themselves in an operating system with very few features.
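The Linux case described above, as an added example that is not from the original text: a multi-stage Dockerfile that compiles in a full toolchain image and ships only the binary on a minimal base. The Go service, the `./cmd/app` path and the `app` user are assumptions chosen for illustration.

```dockerfile
# Added example. Assumes a hypothetical Go module with its entry point in ./cmd/app.

# Stage 1: build. This stage holds the compiler, the source tree and the
# module cache. None of it reaches the final image unless it is explicitly
# copied out with COPY --from=build.
FROM golang:1.22-alpine AS build
WORKDIR /src
COPY . .
# CGO_ENABLED=0 produces a statically linked binary, so the runtime image
# needs no compiler, headers or extra shared libraries.
RUN CGO_ENABLED=0 go build -trimpath -ldflags="-s -w" -o /out/app ./cmd/app

# Stage 2: runtime. A minimal distribution as the base, with only the
# application binary layered on top.
#
# For comparison, ending the build with the first stage (that is, shipping
# the golang image itself) would leave the Go toolchain and the full source
# tree inside the running container for anyone who gains access to it.
FROM alpine:3.19

# Run as an unprivileged user (hypothetical name "app") so that a
# compromised process does not start with root inside the container.
RUN addgroup -S app && adduser -S -G app app

COPY --from=build /out/app /usr/local/bin/app
USER app
ENTRYPOINT ["/usr/local/bin/app"]
```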
In...