
docs(lab7): container security analysis with Docker Scout, Snyk, and CIS Benchmarks #616

Open
examplefirstaccount wants to merge 2 commits into inno-devops-labs:main from examplefirstaccount:feature/lab7

Conversation

@examplefirstaccount

Goal

This PR completes Lab 7 — Container Security: Image Scanning & Deployment Hardening. The objective was to perform vulnerability analysis on container images, audit the Docker host configuration against CIS benchmarks, and evaluate the security impact of deployment hardening flags.

Changes

  • Image Vulnerability Scanning: Conducted deep scans of juice-shop:v19.0.0 using Docker Scout and Snyk, identifying critical vulnerabilities in vm2 and the Node.js runtime.
  • Configuration Auditing: Performed a best-practice assessment with Dockle, identifying missing health checks and content trust issues.
  • CIS Benchmark Audit: Ran docker-bench-security on the host to evaluate the Docker daemon's security posture, resulting in a hardening score of 12.
  • Deployment Profile Comparison: Analyzed the resource usage and security boundaries of three runtime profiles (Default, Hardened, Production).
  • Security Flag Analysis: Documented the technical impact of Linux capabilities (cap-drop), no-new-privileges, and resource quotas (PIDs, CPU, RAM).

Testing

  • Verified scan results by pulling and analyzing the official Juice Shop image.
  • Validated the Production deployment profile after resolving seccomp profile conflicts.
  • Confirmed resource limits were active using docker stats during functionality tests.

Artifacts & Screenshots

  • Results from all scanning tools are stored in labs/lab7/scanning/ and labs/lab7/hardening/.
  • Full analysis and research documented in labs/submission7.md.

Checklist

  • Task 1 done — Advanced Image Security & Configuration Analysis
  • Task 2 done — Docker Security Benchmarking & Assessment
  • Task 3 done — Secure Container Deployment Analysis
  • PR has a clear, descriptive title
  • Documentation updated if needed
  • No secrets, credentials, or large temporary files committed
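The Deployment Profile Comparison and Security Flag Analysis above compare runtime profiles by the flags they set (cap-drop, no-new-privileges, seccomp, PID/CPU/RAM quotas). As an added example that is not part of this PR or the lab artifacts, the script below audits a container's `HostConfig` object (the structure `docker inspect` prints) for those controls, so a profile can be verified after deployment rather than assumed from the command line; the Default and Production `HostConfig` values and the custom seccomp file name are constructed for the example.

```python
"""Audit a container's HostConfig (the object `docker inspect` reports) against
the hardening controls compared in this lab: cap-drop, no-new-privileges,
seccomp, and PID/CPU/memory quotas. HostConfig samples below are constructed
for this example, not taken from the lab artifacts."""
import json


def audit_hostconfig(hc: dict) -> list[str]:
    """Return one finding per missing hardening control; [] means all pass."""
    findings = []
    cap_drop = {c.upper() for c in (hc.get("CapDrop") or [])}
    if "ALL" not in cap_drop:
        findings.append("capabilities: --cap-drop=ALL not set")
    sec_opts = hc.get("SecurityOpt") or []
    if not any(o in ("no-new-privileges", "no-new-privileges:true") for o in sec_opts):
        findings.append("no-new-privileges: setuid/setgid privilege gain still allowed")
    if "seccomp=unconfined" in sec_opts:
        findings.append("seccomp: syscall filtering disabled (seccomp=unconfined)")
    # Docker reports 0 (or null) for an absent quota, i.e. unlimited.
    if not (hc.get("PidsLimit") or 0) > 0:
        findings.append("pids: no --pids-limit, runaway process creation can exhaust host PIDs")
    if not (hc.get("Memory") or 0) > 0:
        findings.append("memory: no --memory limit")
    if not (hc.get("NanoCpus") or 0) > 0:
        findings.append("cpu: no --cpus limit")
    return findings


def audit_inspect_output(inspect_json: str) -> dict[str, list[str]]:
    """Map container Id -> findings, from the JSON array `docker inspect` prints."""
    return {c["Id"]: audit_hostconfig(c["HostConfig"]) for c in json.loads(inspect_json)}


# Constructed HostConfig fragments mirroring the Default and Production profiles.
DEFAULT_HC = {"CapDrop": [], "SecurityOpt": [], "PidsLimit": 0,
              "Memory": 0, "NanoCpus": 0}
PRODUCTION_HC = {"CapDrop": ["ALL"], "CapAdd": ["NET_BIND_SERVICE"],
                 "SecurityOpt": ["no-new-privileges", "seccomp=custom-profile.json"],
                 "PidsLimit": 100, "Memory": 512 * 1024 * 1024, "NanoCpus": 1_000_000_000}

if __name__ == "__main__":
    for name, hc in (("Default", DEFAULT_HC), ("Production", PRODUCTION_HC)):
        print(f"{name}: {audit_hostconfig(hc) or ['all hardening checks passed']}")
```

Run it against a live container with `docker inspect <container> | python3 -c 'import sys; from audit import audit_inspect_output; print(audit_inspect_output(sys.stdin.read()))'` after saving the script as `audit.py`.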
