...
No. | Security measures | Explanation |
---|---|---|
1 | Select base image | Choose a lightweight, reliable base image. Consider using official or security-enhanced images. i-PRO's SDK provides base images, so please use them unless you need additional information. |
2 | Image vulnerability scan | Regularly scan container images with tools to identify and remediate vulnerabilities. |
3 | Creating a secure Dockerfile | Write the Dockerfile securely: don't install unnecessary packages, use ADD instead of COPY, minimize user privileges, and so on. Many deviations from these practices can be detected by the vulnerability tools listed above. |
4 | Applying security context | Minimize risk by setting appropriate permissions and resource limits on your containers. The i-PRO camera restricts these settings, and an error will occur if you try to start the container with settings outside the permitted range. To avoid this error, please use the template settings provided by i-PRO. |
5 | Container network security | Configure your network settings appropriately and avoid opening unnecessary ports. Also apply security policies to communication between containers. |
6 | Logging and monitoring | Monitor containers and collect logs to quickly detect anomalies and security incidents. Implement log output with an appropriate volume and content. |
7 | Sensitive data measures | Avoid keeping sensitive data inside containers. If you want to handle sensitive data or safely manage application settings, you need to take measures such as using a secure storage solution. The i-PRO camera provides named volumes as a data storage method. Encrypting sensitive data before storing it in a volume further improves security. |
8 | CI/CD pipeline security | We perform security checks at each stage of build, test, and deployment to detect and fix unauthorized operations and vulnerable code. This includes using the vulnerability scanning tools mentioned above. Set up appropriate access controls in your CI/CD pipeline and adhere to security best practices. |
9 | Creating and managing SBOM | Create and manage an SBOM for vulnerability management and supply chain risk management. We recommend that you understand the OSS included in the image. |
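
For measures 4 and 5, a pre-deployment check of a container's security context and published ports can catch risky settings before the image reaches a device. The script below is an added example, not i-PRO's code or template: it uses standard Docker Compose keys, and the rules and sample services are assumptions that do not reflect the camera's permitted range.

```python
# Added example: generic hardening checks for one Compose service definition.
# These rules are assumptions, not i-PRO's template or permitted range.

def audit_service(name, svc):
    """Return findings for a service dict as parsed from docker-compose.yaml."""
    findings = []
    if svc.get("privileged"):
        findings.append("privileged mode enabled")
    if svc.get("cap_add"):
        findings.append("adds capabilities: " + ", ".join(svc["cap_add"]))
    if "ALL" not in svc.get("cap_drop", []):
        findings.append("cap_drop does not include ALL")
    if svc.get("network_mode") == "host":
        findings.append("shares the host network namespace")
    if not svc.get("read_only"):
        findings.append("root filesystem is writable")
    nnp = {"no-new-privileges", "no-new-privileges:true", "no-new-privileges=true"}
    if not nnp & set(svc.get("security_opt", [])):
        findings.append("no-new-privileges not set")
    if str(svc.get("user", "root")).split(":")[0] in ("root", "0"):
        findings.append("runs as root")
    for key in ("mem_limit", "pids_limit"):
        if key not in svc:
            findings.append(f"no {key} set")
    for port in svc.get("ports", []):
        # "8080:80" binds every host interface; "127.0.0.1:8080:80" does not.
        parts = str(port).split(":")
        host_ip = ":".join(parts[:-2])
        if host_ip in ("", "0.0.0.0", "[::]"):
            findings.append(f"port {port} published on all interfaces")
    return [f"{name}: {f}" for f in findings]

# Constructed sample input (hypothetical service names and values).
WEAK = {
    "privileged": True,
    "cap_add": ["NET_ADMIN"],
    "ports": ["8080:80", "127.0.0.1:9000:9000"],
}
HARDENED = {
    "user": "1000:1000", "read_only": True, "cap_drop": ["ALL"],
    "security_opt": ["no-new-privileges:true"],
    "mem_limit": "256m", "pids_limit": 100,
    "ports": ["127.0.0.1:8080:80"],
}

if __name__ == "__main__":
    for name, svc in (("weak", WEAK), ("hardened", HARDENED)):
        print("\n".join(audit_service(name, svc)) or f"{name}: no findings")
```
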
...