
A few more things to consider:

* I've been playing with checkov recently as a way to track Dockerfile quality and best practices

* If you use GitHub, here are some additional considerations

* Use image digests for base images and configure Dependabot to update

* Look into implementing OpenSSF Scorecard and Allstar

* Supply chain security is hot right now. Look into cosign (signing) and syft (SBOM)

* Step Security has a GitHub action to harden the runner. Think of it as Little Snitch for runners
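The "use image digests for base images" item above is the kind of rule a tool like checkov enforces as a policy check. As an added illustration (my own code, not the commenter's and not checkov's), here is a small Dockerfile linter that flags every `FROM` whose base image is not pinned by an immutable sha256 digest, while skipping references to earlier build stages and the empty `scratch` image, which have no digest. The embedded Dockerfile is constructed for the example and its digest is an all-zero placeholder, not a real image digest.

```python
import re
import sys
from typing import List, Set, Tuple

# A FROM instruction: optional flags such as --platform=..., the image reference,
# and an optional "AS <stage>" alias for multi-stage builds.
FROM_RE = re.compile(
    r"^\s*FROM\s+(?:--\S+\s+)*(?P<ref>\S+)(?:\s+AS\s+(?P<alias>\S+))?\s*$",
    re.IGNORECASE,
)
# An immutable reference ends in "@sha256:" followed by 64 hex characters.
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")

# Constructed sample Dockerfile; the digest below is a placeholder, not a real one.
SAMPLE_DOCKERFILE = """\
# Constructed sample; the digest is a placeholder, not a real image digest.
FROM golang:1.21 AS builder
WORKDIR /src
COPY . .
RUN go build -o /app ./cmd/app

FROM --platform=linux/amd64 gcr.io/distroless/static@sha256:0000000000000000000000000000000000000000000000000000000000000000
COPY --from=builder /app /app

FROM builder AS test
RUN go test ./...

FROM scratch
COPY --from=builder /app /app
"""


def unpinned_base_images(dockerfile: str) -> List[Tuple[int, str]]:
    """Return (line_number, reference) for each FROM whose base image is not
    digest-pinned. Stage aliases declared earlier in the file and `scratch`
    are skipped because they are not registry images and carry no digest."""
    findings: List[Tuple[int, str]] = []
    stages: Set[str] = set()
    for lineno, line in enumerate(dockerfile.splitlines(), start=1):
        m = FROM_RE.match(line)
        if not m:
            continue
        ref = m.group("ref")
        alias = m.group("alias")
        if alias:
            # Later FROM lines may refer back to this stage by name.
            stages.add(alias.lower())
        if ref.lower() == "scratch" or ref.lower() in stages:
            continue
        if not DIGEST_RE.search(ref):
            findings.append((lineno, ref))
    return findings


def report(dockerfile: str) -> int:
    """Print findings in a grep-like format; return 1 if any were found
    so the check can fail a CI job."""
    findings = unpinned_base_images(dockerfile)
    for lineno, ref in findings:
        print(f"line {lineno}: base image '{ref}' is not pinned to a sha256 digest")
    return 1 if findings else 0


if __name__ == "__main__":
    # Lint the Dockerfile given on the command line, or the built-in sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DOCKERFILE
    sys.exit(report(text))
```

Run against the sample it reports only line 2 (`golang:1.21`, a mutable tag); the distroless image passes because it is digest-pinned, and the `builder` and `scratch` references are ignored. Once `FROM` lines are pinned this way, Dependabot's `docker` package ecosystem is what keeps the digests current by opening pull requests when the upstream tag moves, which is the second half of the commenter's recommendation. A `FROM ${BASE}` that is resolved from a build `ARG` would be flagged as unpinned by this checker, which is the conservative choice.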



Thanks for the cosign mention! Maintainer here. The link is github.com/sigstore/cosign for anyone reading along!


Thanks for the mention of the harden-runner GitHub Action! Sharing the link: https://github.com/step-security/harden-runner



