{"id":18315,"date":"2024-11-18T09:19:44","date_gmt":"2024-11-18T01:19:44","guid":{"rendered":"https:\/\/fwq.ai\/blog\/18315\/"},"modified":"2024-11-18T09:19:44","modified_gmt":"2024-11-18T01:19:44","slug":"docker%e7%9a%84%e5%ae%b9%e5%99%a8%e6%80%8e%e4%b9%88%e6%89%93%e8%a1%a5%e4%b8%81","status":"publish","type":"post","link":"https:\/\/fwq.ai\/blog\/18315\/","title":{"rendered":"docker\u7684\u5bb9\u5668\u600e\u4e48\u6253\u8865\u4e01"},"content":{"rendered":"

\n \u7ed9 docker \u5bb9\u5668\u6253\u8865\u4e01\u7684\u51e0\u79cd\u65b9\u6cd5\u6709\uff1a\u4f7f\u7528\u5b98\u65b9\u4ed3\u5e93\u955c\u50cf\u3001\u521b\u5efa\u81ea\u5df1\u7684\u955c\u50cf\u5e76\u624b\u52a8\u6253\u8865\u4e01\u3001\u4f7f\u7528\u8865\u4e01\u7ba1\u7406\u5de5\u5177\u3002\u5177\u4f53\u6b65\u9aa4\u5305\u62ec\uff1a\u8bc6\u522b\u9700\u8981\u4fee\u8865\u7684\u5bb9\u5668\u3001\u62c9\u53d6\u8865\u4e01\u955c\u50cf\u3001\u66ff\u6362\u53d7\u5f71\u54cd\u7684\u5bb9\u5668\u3001\u9a8c\u8bc1\u8865\u4e01\u3002\n<\/p><\/blockquote>\n

\"docker\u7684\u5bb9\u5668\u600e\u4e48\u6253\u8865\u4e01\u63d2\u56fe\"<\/p>\n

Docker \u5bb9\u5668\u6253\u8865\u4e01<\/strong><\/p>\n

Docker \u5bb9\u5668\u662f\u4e00\u79cd\u8f7b\u91cf\u7ea7\u7684\u865a\u62df\u5316\u73af\u5883\uff0c\u53ef\u4ee5\u5e2e\u52a9\u5f00\u53d1\u8005\u548c\u7cfb\u7edf\u7ba1\u7406\u5458\u5feb\u901f\u3001\u4e00\u81f4\u5730\u90e8\u7f72\u548c\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u3002\u4e3a\u4e86\u4fdd\u6301\u5bb9\u5668\u7684\u5b89\u5168\u6027\u548c\u7a33\u5b9a\u6027\uff0c\u5b9a\u671f\u7ed9\u5bb9\u5668\u6253\u8865\u4e01\u81f3\u5173\u91cd\u8981\u3002<\/p>\n

\u5982\u4f55\u7ed9 Docker \u5bb9\u5668\u6253\u8865\u4e01<\/strong><\/p>\n

\u6709\u51e0\u79cd\u65b9\u6cd5\u53ef\u4ee5\u7ed9 Docker \u5bb9\u5668\u6253\u8865\u4e01\uff1a<\/p>\n

1. \u4f7f\u7528 Docker \u5b98\u65b9\u4ed3\u5e93\u955c\u50cf<\/strong><\/p>\n

\u5b98\u65b9\u4ed3\u5e93\u955c\u50cf\u7531 Docker \u7ef4\u62a4\uff0c\u5e76\u5b9a\u671f\u66f4\u65b0\u5b89\u5168\u8865\u4e01\u3002\u60a8\u53ef\u4ee5\u5728 [Docker Hub](https:\/\/hub..com) \u4e0a\u627e\u5230\u5b98\u65b9\u955c\u50cf\u3002<\/p>\n

docker pull your-image:latest<\/pre>\n
 \u767b\u5f55\u540e\u590d\u5236 <\/p>\n
2. \u521b\u5efa\u81ea\u5df1\u7684\u6620\u50cf\u5e76\u624b\u52a8\u6253\u8865\u4e01<\/strong><\/p>\n
\u60a8\u53ef\u4ee5\u521b\u5efa\u81ea\u5df1\u7684 Docker \u955c\u50cf\uff0c\u5e76\u5728\u5176\u4e2d\u5305\u542b\u5fc5\u8981\u7684\u8865\u4e01\u3002\u4f7f\u7528 RUN \u6307\u4ee4\u5728\u955c\u50cf\u6784\u5efa\u8fc7\u7a0b\u4e2d\u5b89\u88c5\u8865\u4e01\u3002<\/p>\n
FROM base-image\nRUN apt-get update && apt-get install -y patch-package<\/pre>\n
 \u767b\u5f55\u540e\u590d\u5236 <\/p>\n
3. \u4f7f\u7528\u8865\u4e01\u7ba1\u7406\u5de5\u5177<\/strong><\/p>\n
\u6709\u8bb8\u591a\u7b2c\u4e09\u65b9\u5de5\u5177\u53ef\u4ee5\u5e2e\u52a9\u60a8\u81ea\u52a8\u7ba1\u7406\u5bb9\u5668\u8865\u4e01\u3002\u4f8b\u5982\uff1a<\/p>\n
    \n
  • [Anchore Enterprise](https:\/\/anchore.com\/products\/enterprise)<\/li>\n
  • [Twistlock](https:\/\/twistlock.com\/)<\/li>\n
  • [Aqua Security](https:\/\/www.aquasec.com\/)<\/li>\n<\/ul>\n
    \u5177\u4f53\u6b65\u9aa4<\/strong><\/p>\n
    1. \u8bc6\u522b\u9700\u8981\u8865\u4e01\u7684\u5bb9\u5668<\/strong><\/p>\n
    \u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u626b\u63cf\u5bb9\u5668\u662f\u5426\u5b58\u5728\u5df2\u77e5\u6f0f\u6d1e\uff1a<\/p>\n
    docker scan --list<\/pre>\n
     \u767b\u5f55\u540e\u590d\u5236 <\/p>\n
    2. \u62c9\u53d6\u8865\u4e01\u955c\u50cf<\/strong><\/p>\n
    \u4f7f\u7528\u5b98\u65b9\u4ed3\u5e93\u6216\u60a8\u81ea\u5df1\u7684\u955c\u50cf\uff0c\u62c9\u53d6\u5305\u542b\u8865\u4e01\u7684\u6700\u65b0\u955c\u50cf\u3002<\/p>\n
    3. \u66ff\u6362\u53d7\u5f71\u54cd\u7684\u5bb9\u5668<\/strong><\/p>\n
    \u5220\u9664\u53d7\u5f71\u54cd\u7684\u5bb9\u5668\u5e76\u91cd\u65b0\u521b\u5efa\u5b83\uff0c\u4f7f\u7528\u5e26\u6709\u8865\u4e01\u7684\u955c\u50cf\u3002<\/p>\n
    docker stop your-container\ndocker rm your-container\ndocker run -d --name your-container your-image:latest<\/pre>\n
     \u767b\u5f55\u540e\u590d\u5236 <\/p>\n
    4. \u9a8c\u8bc1\u8865\u4e01<\/strong><\/p>\n
    \u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u9a8c\u8bc1\u5bb9\u5668\u662f\u5426\u5df2\u6210\u529f\u6253\u4e0a\u8865\u4e01\uff1a<\/p>\n
    docker inspect your-container | grep \"Security\"<\/pre>\n
     \u767b\u5f55\u540e\u590d\u5236 <\/p>\n
    \u4ee5\u4e0a\u5c31\u662f\u7684\u5bb9\u5668\u600e\u4e48\u6253\u8865\u4e01\u7684\u8be6\u7ec6\u5185\u5bb9\uff0c\u66f4\u591a\u8bf7\u5173\u6ce8\u7c73\u4e91\u5176\u5b83\u76f8\u5173\u6587\u7ae0\uff01<\/p>\n","protected":false},"excerpt":{"rendered":"
    \u7ed9 docker \u5bb9\u5668\u6253\u8865\u4e01\u7684\u51e0\u79cd\u65b9\u6cd5\u6709\uff1a\u4f7f\u7528\u5b98\u65b9\u4ed3\u5e93\u955c\u50cf\u3001\u521b\u5efa\u81ea\u5df1\u7684\u955c\u50cf\u5e76\u624b\u52a8\u6253\u8865\u4e01\u3001\u4f7f\u7528\u8865\u4e01\u7ba1\u7406\u5de5\u5177\u3002\u5177\u4f53\u6b65\u9aa4\u5305\u62ec\uff1a\u8bc6\u522b\u9700\u8981\u4fee\u8865\u7684\u5bb9\u5668\u3001\u62c9\u53d6\u8865\u4e01\u955c\u50cf\u3001\u66ff\u6362\u53d7\u5f71\u54cd\u7684\u5bb9\u5668\u3001\u9a8c\u8bc1\u8865\u4e01\u3002 Docker \u5bb9\u5668\u6253\u8865\u4e01 Docker \u5bb9\u5668\u662f\u4e00\u79cd\u8f7b\u91cf\u7ea7\u7684\u865a\u62df\u5316\u73af\u5883\uff0c\u53ef\u4ee5\u5e2e\u52a9\u5f00\u53d1\u8005\u548c\u7cfb\u7edf\u7ba1\u7406\u5458\u5feb\u901f\u3001\u4e00\u81f4\u5730\u90e8\u7f72\u548c\u7ba1\u7406\u5e94\u7528\u7a0b\u5e8f\u3002\u4e3a\u4e86\u4fdd\u6301\u5bb9\u5668\u7684\u5b89\u5168\u6027\u548c\u7a33\u5b9a\u6027\uff0c\u5b9a\u671f\u7ed9\u5bb9\u5668\u6253\u8865\u4e01\u81f3\u5173\u91cd\u8981\u3002 \u5982\u4f55\u7ed9 Docker \u5bb9\u5668\u6253\u8865\u4e01 \u6709\u51e0\u79cd\u65b9\u6cd5\u53ef\u4ee5\u7ed9 Docker \u5bb9\u5668\u6253\u8865\u4e01\uff1a 1. \u4f7f\u7528 Docker \u5b98\u65b9\u4ed3\u5e93\u955c\u50cf \u5b98\u65b9\u4ed3\u5e93\u955c\u50cf\u7531 Docker \u7ef4\u62a4\uff0c\u5e76\u5b9a\u671f\u66f4\u65b0\u5b89\u5168\u8865\u4e01\u3002\u60a8\u53ef\u4ee5\u5728 [Docker Hub](https:\/\/hub..com) \u4e0a\u627e\u5230\u5b98\u65b9\u955c\u50cf\u3002 docker pull your-image:latest \u767b\u5f55\u540e\u590d\u5236 2. \u521b\u5efa\u81ea\u5df1\u7684\u6620\u50cf\u5e76\u624b\u52a8\u6253\u8865\u4e01 \u60a8\u53ef\u4ee5\u521b\u5efa\u81ea\u5df1\u7684 Docker \u955c\u50cf\uff0c\u5e76\u5728\u5176\u4e2d\u5305\u542b\u5fc5\u8981\u7684\u8865\u4e01\u3002\u4f7f\u7528 RUN \u6307\u4ee4\u5728\u955c\u50cf\u6784\u5efa\u8fc7\u7a0b\u4e2d\u5b89\u88c5\u8865\u4e01\u3002 FROM base-image RUN apt-get update && apt-get install -y patch-package \u767b\u5f55\u540e\u590d\u5236 3. \u4f7f\u7528\u8865\u4e01\u7ba1\u7406\u5de5\u5177 \u6709\u8bb8\u591a\u7b2c\u4e09\u65b9\u5de5\u5177\u53ef\u4ee5\u5e2e\u52a9\u60a8\u81ea\u52a8\u7ba1\u7406\u5bb9\u5668\u8865\u4e01\u3002\u4f8b\u5982\uff1a [Anchore Enterprise](https:\/\/anchore.com\/products\/enterprise) [Twistlock](https:\/\/twistlock.com\/) [Aqua Security](https:\/\/www.aquasec.com\/) \u5177\u4f53\u6b65\u9aa4 1. […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-18315","post","type-post","status-publish","format-standard","hentry","category-os"],"_links":{"self":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/18315","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/comments?post=18315"}],"version-history":[{"count":0,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/posts\/18315\/revisions"}],"wp:attachment":[{"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/media?parent=18315"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/categories?post=18315"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fwq.ai\/blog\/wp-json\/wp\/v2\/tags?post=18315"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}