Head First DevSecOps


Security best practices

  • Execution with non-root user
  • Start containers in read-only mode
  • Disable the setuid and setgid permissions
  • Verifying images with Docker Content Trust
  • Resource limitation
  • Disabling ping command in a container
  • AppArmor allows you to regulate permissions and access of the containers in the filesystem
  • SELinux provides a system of rules that allows you to implement access controls to the kernel resources
  • Secure Computing Mode (Seccomp) monitors kernel system calls
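An added example, not part of the original page: a Python check that audits `docker inspect` records against the runtime items in the list above. The `audit` function, the two sample records and the mapping of "setuid/setgid" and "ping" to the `SETUID`, `SETGID` and `NET_RAW` capabilities are assumptions made for this example; Docker Content Trust is applied on the client at pull time and is not visible in this output, so it is not checked.

```python
# Constructed samples shaped like `docker inspect` output, not taken from a real host.
HARDENED = {"Name": "/api", "Config": {"User": "1000:1000"},
            "HostConfig": {"ReadonlyRootfs": True, "Memory": 268435456, "PidsLimit": 100,
                           "CapDrop": ["SETUID", "SETGID", "NET_RAW"],
                           "SecurityOpt": ["no-new-privileges"]}}
DEFAULTS = {"Name": "/legacy", "Config": {"User": ""},
            "HostConfig": {"ReadonlyRootfs": False, "Memory": 0, "PidsLimit": None,
                           "CapDrop": None, "SecurityOpt": ["seccomp=unconfined"]}}

# Assumed mapping from checklist items to Linux capabilities.
REQUIRED_DROPS = {"SETUID": "setuid", "SETGID": "setgid", "NET_RAW": "raw sockets (ping)"}
# security-opt values that switch a confinement layer off.
DISABLED = {("seccomp", "unconfined"): "seccomp", ("apparmor", "unconfined"): "AppArmor",
            ("label", "disable"): "SELinux"}


def _caps(host, key):
    """Normalise capability names: 'CAP_NET_RAW' and 'net_raw' both become 'NET_RAW'."""
    return {c.upper().replace("CAP_", "", 1) for c in host.get(key) or []}


def audit(container):
    """Return the checklist items this container fails, in checklist order."""
    cfg = container.get("Config") or {}
    host = container.get("HostConfig") or {}
    findings = []
    user = (cfg.get("User") or "").split(":")[0]
    if user in ("", "0", "root"):  # empty User: no USER was set, so the process runs as uid 0
        findings.append("runs as root")
    if not host.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")
    dropped, added = _caps(host, "CapDrop"), _caps(host, "CapAdd")
    for cap, label in REQUIRED_DROPS.items():
        # A capability is still present if it was re-added or never dropped.
        if {cap, "ALL"} & added or not ({cap, "ALL"} & dropped):
            findings.append(f"{label} capability not dropped")
    if not host.get("Memory"):
        findings.append("no memory limit")
    if (host.get("PidsLimit") or 0) <= 0:  # null, 0 and -1 all mean unlimited
        findings.append("no pids limit")
    for opt in host.get("SecurityOpt") or []:
        key, _, value = opt.replace(":", "=", 1).partition("=")  # accept old 'key:value' form
        if (key, value) in DISABLED:
            findings.append(f"{DISABLED[(key, value)]} confinement disabled")
    return findings


if __name__ == "__main__":
    for c in (HARDENED, DEFAULTS):
        print(c["Name"], audit(c) or "ok")
```

To audit a real host, feed each element of the JSON array printed by `docker inspect` to `audit`.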


  • Implementing DevSecOps with Docker and Kubernetes

  1. Licensed under CC BY-NC 4.0
  2. Copyright issue feedback, replace # with @
  3. Not all the commands and scripts are tested in a production environment; use at your own risk
  4. No personal information is collected.