Hands-On Lab: Docker Static Analysis with Dockle and Hadolint

Hands-On Lab

Dockle: Setup, Usage, and Cleanup

  • Change to the lab directory:

    cd /workspaces/ecr_eks_security_masterclass_public/docker-lab
    
  • Download and install the latest version of Dockle on Debian/Ubuntu:

    VERSION=$(curl --silent "https://api.github.com/repos/goodwithtech/dockle/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/' ) && curl -L -o dockle.deb https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.deb
    
    sudo dpkg -i dockle.deb && rm dockle.deb
    
  • Pull a sample Docker image:

    docker pull nginx:latest
    
  • Run Dockle on the pulled Docker image:

    dockle nginx:latest
    

Review the report for the misconfigurations and best-practice violations Dockle flags (Dockle checks image configuration against CIS-style rules, such as running as root or leaving credential files in the image; it does not scan packages for CVEs).

Hadolint: Setup, Usage, and Cleanup

  • Install Hadolint as a Docker container:

    docker pull hadolint/hadolint
    
  • Create a sample Dockerfile:

    cat <<EOF > Dockerfile
    FROM nginx:latest
    RUN apt-get update && apt-get install -y curl
    CMD ["nginx", "-g", "daemon off;"]
    EOF
    
  • Run Hadolint on the Dockerfile:

    docker run --rm -i hadolint/hadolint < Dockerfile
    
  • Ignore specific linting rules (here DL3008, the unpinned apt package version that the sample Dockerfile triggers):

    docker run --rm -i hadolint/hadolint hadolint --ignore DL3008 - < Dockerfile
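
To turn the two manual runs above into a build gate, here is an added example (not part of the lab or of either tool) that applies a severity policy to the JSON reports both tools can emit with `-f json`; the report contents are constructed for this example, and the field names are assumed to match the tools' JSON formats, so verify them against a real run.

```python
import json

# Constructed sample of `dockle -f json nginx:latest` (assumed field names:
# summary counts plus a details list of code/title/level/alerts).
DOCKLE_REPORT = json.dumps({
    "summary": {"fatal": 0, "warn": 1, "info": 1, "skip": 0, "pass": 14},
    "details": [
        {"code": "CIS-DI-0001", "title": "Create a user for the container",
         "level": "WARN", "alerts": ["Last user should not be root"]},
        {"code": "CIS-DI-0006", "title": "Add HEALTHCHECK instruction",
         "level": "INFO", "alerts": ["not found HEALTHCHECK statement"]},
    ],
})

# Constructed sample of `hadolint -f json - < Dockerfile` for the lab Dockerfile
# (assumed field names: line/code/level/column/file/message per finding).
HADOLINT_REPORT = json.dumps([
    {"line": 1, "code": "DL3007", "level": "warning", "column": 1, "file": "-",
     "message": "Using latest is prone to errors if the image will ever update."},
    {"line": 2, "code": "DL3008", "level": "warning", "column": 1, "file": "-",
     "message": "Pin versions in apt get install."},
    {"line": 2, "code": "DL3009", "level": "info", "column": 1, "file": "-",
     "message": "Delete the apt-get lists after installing something."},
])

# Each tool has its own severity scale; rank them so thresholds are comparable.
DOCKLE_RANK = {"FATAL": 3, "WARN": 2, "INFO": 1, "SKIP": 0, "PASS": 0}
HADOLINT_RANK = {"error": 3, "warning": 2, "info": 1, "style": 0}


def gate(dockle_json, hadolint_json, dockle_fail_at="WARN",
         hadolint_fail_at="warning", ignore=()):
    """Return (passed, blocking). A finding blocks the build when its level
    reaches the threshold for its tool, unless its code is listed in `ignore`
    (the same effect as `hadolint --ignore DL3008` in the lab)."""
    blocking = []
    for d in json.loads(dockle_json).get("details", []):
        if d["code"] in ignore:
            continue
        if DOCKLE_RANK[d["level"]] >= DOCKLE_RANK[dockle_fail_at]:
            blocking.append(("dockle", d["code"], d["level"]))
    for h in json.loads(hadolint_json):
        if h["code"] in ignore:
            continue
        if HADOLINT_RANK[h["level"]] >= HADOLINT_RANK[hadolint_fail_at]:
            blocking.append(("hadolint", h["code"], h["level"]))
    return (len(blocking) == 0, blocking)


if __name__ == "__main__":
    passed, blocking = gate(DOCKLE_REPORT, HADOLINT_REPORT, ignore=("DL3008",))
    print("PASS" if passed else "FAIL", blocking)
```

Ignoring a rule only silences the finding; the gate still fails here on the unpinned `nginx:latest` tag (DL3007) and the root user (CIS-DI-0001) until the Dockerfile itself is fixed.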
    

Cleanup Dockle

  • Remove the Docker image:

    docker rmi nginx:latest
    
  • Uninstall Dockle if it is no longer needed:

    sudo apt remove dockle
    

Cleanup Hadolint

  • Remove the Dockerfile:

    rm Dockerfile
    
  • Remove the Hadolint Docker image:

    docker rmi hadolint/hadolint