# Docker

# Security checklist

  • Use a specific image version instead of :latest.
  • Prefer official (hub.docker.com/_/) images or images built on our GitLab. If you really need a 3rd-party image, review it and scan it with Trivy, then pin it by its sha256: digest.
  • Use a multi-stage build to decrease the image size.
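  • Make /etc read-only:

    RUN chmod a-w /etc

  • Run the app in the container as an unprivileged user instead of root:

    RUN groupadd -r app && useradd --no-log-init -r -g app app
    USER app

  • Delete the shell (do this while still root, as the last RUN step, because shell-form RUN needs /bin/sh):

    RUN rm -rf /bin/*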
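
A small linter for the checklist above, as an added example (not part of the original page or of any project's tooling): it flags unpinned tags, 3rd-party images without a sha256 digest, single-stage builds and a final stage that runs as root. The sample Dockerfile, the `registry.example.com` host, the rule names and the `trusted_prefixes` parameter (where the in-house GitLab registry prefix would go) are assumptions.

```python
import re

# Constructed sample Dockerfile; registry.example.com is a placeholder host.
SAMPLE = """\
FROM golang:1.22 AS build
FROM registry.example.com/vendor/base:latest
COPY --from=build /out/app /app
USER root
"""
FROM_RE = re.compile(r"^FROM\s+(?:--\S+\s+)*(\S+)(?:\s+AS\s+(\S+))?", re.I)
USER_RE = re.compile(r"^USER\s+([^\s:]+)", re.I)

def split_ref(ref):
    """Split an image reference into (name, tag, digest)."""
    name, _, digest = ref.partition("@")
    tag = None
    if ":" in name.rsplit("/", 1)[-1]:  # a ':' before the last '/' is a registry port
        name, tag = name.rsplit(":", 1)
    return name, tag, digest or None

def is_official(name):
    """Docker Hub official images have no namespace or the 'library/' namespace."""
    name = name.removeprefix("docker.io/")
    return "/" not in name or name.startswith("library/")

def audit(text, trusted_prefixes=()):
    """Return (rule, line_no) findings; trusted_prefixes names in-house registries."""
    findings, aliases, stages, user = [], set(), 0, None
    for no, raw in enumerate(text.splitlines(), 1):
        m, u = FROM_RE.match(raw.strip()), USER_RE.match(raw.strip())
        if m:
            stages, user = stages + 1, None  # assumption: base images default to root
            ref, alias = m.group(1), m.group(2)
            if ref.lower() != "scratch" and ref.lower() not in aliases:
                name, tag, digest = split_ref(ref)
                if not digest and tag in (None, "latest"):
                    findings.append(("unpinned-tag", no))
                trusted = is_official(name) or name.startswith(tuple(trusted_prefixes))
                if not (digest or trusted):
                    findings.append(("third-party-no-digest", no))
            if alias:
                aliases.add(alias.lower())
        elif u:
            user = u.group(1)
    if stages == 1:
        findings.append(("single-stage", 0))  # line 0 = whole-file finding
    if stages and user in (None, "root", "0"):
        findings.append(("runs-as-root", 0))
    return findings
```

Only the last stage's USER is judged, since that is the image that ships; instructions split across lines with a backslash are not joined.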

# Alternative for Docker Desktop on Mac

Docker Desktop on Mac consumes a lot of CPU and is very slow. You can use docker-machine with the Parallels driver instead.

  • Buy Parallels Desktop Pro.

  • Install docker-machine-parallels:

    brew install docker-machine-parallels

  • Create docker-machine:

    docker-machine create -d parallels prl --parallels-memory=6G --parallels-cpu-count=4
    docker-machine env prl
    eval $(docker-machine env prl)

  • Check it:

    docker-compose ps

# Configure JetBrains IDE (RubyMine, IDEA, etc.)

  • Open Docker -> Tools, fill Docker Machine Executable with /usr/local/bin/docker-machine.
  • Open Docker, and switch to Docker Machine.