Lab7 Submission Nikita Timofeev #615

Open
MoriSummerz wants to merge 11 commits into inno-devops-labs:main from MoriSummerz:feature/lab7

MoriSummerz commented Mar 22, 2026

Goal

Container security analysis of the OWASP Juice Shop (bkimminich/juice-shop:v19.0.0) image, including vulnerability scanning, CIS Docker Benchmark auditing, and deployment hardening comparison.

Changes

  • Added labs/submission7.md with full analysis for all three tasks
  • Added scan outputs from Docker Scout, Snyk, Dockle, and Docker Bench for Security
  • Added deployment comparison data for default, hardened, and production profiles

Testing

  • Docker Scout CVE scan: 118 vulnerabilities found (11C/65H/30M/5L)
  • Snyk container test: 53 issues across OS and npm layers
  • Dockle configuration assessment: no FATAL issues, informational findings
  • CIS Docker Benchmark: 19 PASS, 16 WARN across 74 checks
  • Deployment comparison: all three profiles returned HTTP 200, confirming hardening does not break functionality

Artifacts & Screenshots

  • labs/lab7/scanning/scout-cves.txt — Docker Scout vulnerability report
  • labs/lab7/scanning/snyk-results.txt — Snyk container scan results
  • labs/lab7/scanning/dockle-results.txt — Dockle configuration audit
  • labs/lab7/hardening/docker-bench-results.txt — CIS Docker Benchmark results
  • labs/lab7/analysis/deployment-comparison.txt — Deployment profile comparison

Checklist

  • PR title is clear and descriptive
  • Documentation updated if needed
  • No secrets or large temporary files committed
  • Task 1 done — Advanced Image Security & Configuration Analysis
  • Task 2 done — Docker Security Benchmarking & Assessment
  • Task 3 done — Secure Container Deployment Analysis
