- Vet the use of code from online sources. Use discovery tools to manage and scale up containers securely with runtime protection.
- Focus on how you build access rules and permissions. Work out the level of granularity you need right from day one.
- Harden the container host with policies to prevent resource abuse. Use access control groups, and run containers with read-only images.
- Secure content inside containers by limiting the Linux OS features running within them.
- Enforce image source integrity protection to track content changes and determine who made them.
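
The host-hardening and in-container tips above (resource limits, read-only filesystems, limited Linux features) can be checked mechanically. The following is an added example, not code from the original post: it audits records shaped like `docker inspect` output. The sample data, the `audit` function, the shortlist of risky capabilities, and the mapping of each tip to a Docker `HostConfig` field are assumptions made for illustration.

```python
import json

# Constructed sample, shaped like the HostConfig section of `docker inspect` output.
SAMPLE = json.loads("""
[
  {"Name": "/web-weak", "HostConfig": {"ReadonlyRootfs": false, "Memory": 0,
    "PidsLimit": null, "NanoCpus": 0, "CpuQuota": 0, "Privileged": true,
    "CapDrop": null, "CapAdd": ["SYS_ADMIN"], "SecurityOpt": null}},
  {"Name": "/web-hardened", "HostConfig": {"ReadonlyRootfs": true,
    "Memory": 268435456, "PidsLimit": 100, "NanoCpus": 500000000,
    "CpuQuota": 0, "Privileged": false, "CapDrop": ["ALL"],
    "CapAdd": ["NET_BIND_SERVICE"], "SecurityOpt": ["no-new-privileges"]}}
]
""")

# Illustrative shortlist (an assumption); adjust to your own policy.
RISKY_CAPS = {"SYS_ADMIN", "SYS_MODULE", "SYS_PTRACE", "NET_ADMIN"}
NNP_VALUES = {"no-new-privileges", "no-new-privileges:true", "no-new-privileges=true"}

def audit(container):
    """Return the hardening findings for one inspect record."""
    hc = container.get("HostConfig") or {}
    findings = []
    # Host hardening: cgroup limits and a read-only root filesystem.
    if not hc.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")
    if not hc.get("Memory"):
        findings.append("no cgroup memory limit")
    if (hc.get("PidsLimit") or 0) <= 0:  # null, 0 and -1 all mean unlimited
        findings.append("no cgroup pids limit")
    if not (hc.get("NanoCpus") or hc.get("CpuQuota")):
        findings.append("no cgroup CPU limit")
    # Limiting Linux features available inside the container.
    if hc.get("Privileged"):
        findings.append("runs privileged")
    if "ALL" not in [c.upper() for c in hc.get("CapDrop") or []]:
        findings.append("default capabilities not dropped")
    added = {c.upper().replace("CAP_", "", 1) for c in hc.get("CapAdd") or []}
    for cap in sorted(added & RISKY_CAPS):
        findings.append("risky capability added: " + cap)
    if not NNP_VALUES & set(hc.get("SecurityOpt") or []):
        findings.append("no-new-privileges not set")
    return findings

def audit_all(records):
    """Map each container name to its list of findings."""
    return {r.get("Name", "?"): audit(r) for r in records}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

To run it against a live host, replace `SAMPLE` with the parsed output of `docker inspect` for the containers of interest.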