Feature/lab7#7

Open
fayz131 wants to merge 2 commits into main from feature/lab7

@fayz131 (Owner) commented Mar 23, 2026

Goal

This pull request contains the implementation of Lab 7 — Container Security: Image Scanning & Deployment Hardening.
The goal of this lab was to analyze container image vulnerabilities, audit Docker host security using CIS benchmarks, and compare secure deployment configurations.

Changes

The following work was completed:

  • Performed container image vulnerability scanning using Docker Scout
  • Performed additional vulnerability scanning using Snyk
  • Analyzed container configuration and best practices using Dockle
  • Executed CIS Docker Benchmark using docker-bench-security
  • Created and compared three deployment profiles:
    • Default
    • Hardened
    • Production
  • Collected resource usage and security configuration data
  • Documented findings and security recommendations in labs/submission7.md
  • Stored all scan outputs in labs/lab7/ directory

Testing

The changes were tested using the following commands and scenarios:

  • docker scout cves bkimminich/juice-shop:v19.0.0
  • snyk test --docker bkimminich/juice-shop:v19.0.0
  • dockle bkimminich/juice-shop:v19.0.0
  • docker/docker-bench-security
  • Deployment tests with:
    • default container configuration
    • hardened configuration (cap-drop, no-new-privileges, resource limits)
    • production configuration (additional limits and restart policy)
  • Verified application availability via HTTP status checks
  • Compared resource usage and security settings using docker stats and docker inspect

Artifacts & Screenshots

Artifacts included in this PR:

  • Docker Scout vulnerability report
  • Snyk vulnerability report
  • Dockle configuration scan results
  • CIS Docker Benchmark results
  • Docker Bench summary
  • Deployment comparison report
  • Container security analysis document (submission7.md)

Checklist

  • PR title is clear and descriptive
  • Documentation updated if needed
  • No secrets, temporary files, or large binaries included
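
A reviewer can reproduce the `docker inspect` comparison of the three deployment profiles with a small audit script. This is an added example, not code from the PR: the container names, the sample `HostConfig` values, and the choice of a PID limit as one of the production profile's "additional limits" are assumptions constructed for illustration.

```python
import json

# Constructed sample of `docker inspect` output, trimmed to HostConfig (not from the PR).
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/juice-default",
  "HostConfig": {"CapDrop": null, "SecurityOpt": null, "Memory": 0, "NanoCpus": 0,
                 "PidsLimit": null, "RestartPolicy": {"Name": "no"}}},
 {"Name": "/juice-hardened",
  "HostConfig": {"CapDrop": ["ALL"], "SecurityOpt": ["no-new-privileges"],
                 "Memory": 536870912, "NanoCpus": 1000000000,
                 "PidsLimit": null, "RestartPolicy": {"Name": "no"}}},
 {"Name": "/juice-production",
  "HostConfig": {"CapDrop": ["ALL"], "SecurityOpt": ["no-new-privileges"],
                 "Memory": 536870912, "NanoCpus": 1000000000,
                 "PidsLimit": 100, "RestartPolicy": {"Name": "on-failure"}}}
]
""")

def audit(container):
    """Return the list of hardening gaps for one `docker inspect` entry."""
    hc = container.get("HostConfig") or {}
    gaps = []
    drops = {c.upper() for c in (hc.get("CapDrop") or [])}
    if "ALL" not in drops:
        gaps.append("capabilities not dropped (--cap-drop=ALL)")
    # The flag may be recorded as "no-new-privileges" or "no-new-privileges:true"
    opts = [o.replace("=", ":").lower() for o in (hc.get("SecurityOpt") or [])]
    if not any(o in ("no-new-privileges", "no-new-privileges:true") for o in opts):
        gaps.append("no-new-privileges not set")
    if not hc.get("Memory"):
        gaps.append("no memory limit")
    if not hc.get("NanoCpus") and not hc.get("CpuQuota"):
        gaps.append("no CPU limit")
    if (hc.get("PidsLimit") or 0) <= 0:  # null, 0 and -1 all mean unlimited
        gaps.append("no PID limit")
    if (hc.get("RestartPolicy") or {}).get("Name") in (None, "", "no"):
        gaps.append("no restart policy")
    return gaps

def compare(inspect_output):
    """Map container name -> gaps, for a side-by-side profile comparison."""
    return {c["Name"].lstrip("/"): audit(c) for c in inspect_output}

if __name__ == "__main__":
    for name, gaps in compare(SAMPLE_INSPECT).items():
        print(f"{name}: {len(gaps)} gap(s)", *gaps, sep="\n  - ")
```

To run it against live containers, replace `SAMPLE_INSPECT` with the parsed JSON from `docker inspect <container>...`.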
