CIS Docker Benchmark Report
Target: Standard Image | Profile: Level 1 - Container | Benchmark Ver: docker-cis-1.6.0
Compliance Scorecard
- Automated Score: 100% (based on 6 automated checks)
- Manual Review: 6 items require operational audit
- Blocking Failures: 0 critical config errors
Operational Verification Required
The image passed all automated checks. Ensure the Host Environment satisfies the Manual controls listed below to achieve full certification.
Detailed Audit Log
1. Automated Controls
| Status | ID | Control Description | Severity |
|---|---|---|---|
| Passed | 4.1 | Ensure a user for the container has been created | HIGH |
| Passed | 4.4 | Ensure images are scanned and rebuilt to include security patches | CRITICAL |
| Passed | 4.6 | Ensure HEALTHCHECK instructions have been added to the container image | LOW |
| Passed | 4.7 | Ensure update instructions are not used alone in the Dockerfile | HIGH |
| Passed | 4.9 | Ensure COPY is used instead of ADD | LOW |
| Passed | 4.10 | Ensure secrets are not stored in Dockerfiles | CRITICAL |
2. Manual / Host-Level Controls
| Status | ID | Control Description | Severity |
|---|---|---|---|
| Manual | 4.2 | Ensure that containers use only trusted base images (Manual) | HIGH |
| Manual | 4.3 | Ensure unnecessary packages are not installed in the container (Manual) | HIGH |
| Manual | 4.5 | Ensure Content trust for Docker is Enabled (Manual) | LOW |
| Manual | 4.8 | Ensure setuid and setgid permissions are removed in the images (Manual) | HIGH |
| Manual | 4.11 | Ensure only verified packages are installed (Manual) | MEDIUM |
| Manual | 4.12 | Ensure all signed artifacts are validated (Manual) | MEDIUM |
Audit Legend
- Passed: Configuration is hardcoded correctly in the image.
- Failed: Violation detected (e.g., Image runs as Root).
- Manual: Cannot be checked inside the build pipeline (Host-dependent or Runtime-dependent).