We’ve just released a new feature and custom policy rule in Datree for Docker images.
The policy allows you to whitelist and blacklist Docker images and versions in your projects.
By blacklisting you can prevent devs from using images with security vulnerabilities, deprecated images, or images with components that are no longer maintained.
Say your team uses Alpine and you learn that Alpine v3.3-3.5 has a security vulnerability issue. You can go to Datree and see which repositories are currently using the image, and enable a Docker image policy that blocks developers from using the image.
Or you can use this policy to find and prevent usage of a deprecated image like jenkins/jenkins. Another example would be if your codebase is written in Python, you can use this policy to ensure noone is using Python 2.7 that’s no longer maintained.
Conversely, by whitelisting certain images and their versions as the only ones devs can use, you can ensure consistency and reduce maintenance burden.
See all versions of Docker images across all repos:
See in which repos the Docker images are being used:
Enforce your Docker image policy in pull requests:
To start using this policy, simply go to Custom Rules then create a new “custom Docker image” rule.
Developers spend a lot of time working with git and GitHub, so investing in improving your GitHub practices makes a lot of sense. Implementing best practices in this guide could help the team improve developer productivity and reduce security risks.
These Docker best practices ensure your Dockerfile is secure and lightweight. Apply them to improve container stability, security, and speed up deployments.