Docker Hardening
v1.8.0Professional Docker security configuration 生成器 aligned with CIS Benchmark v1.8.0 standards.
by 运行时依赖
安装命令
点击复制技能文档
Overview
The Docker Security Hardening 工具 is a professional-grade API for generating CIS Benchmark-compliant Docker security configurations. It automates the creation of hardened Docker 部署ment manifests, security policies, and configuration files that align with industry-standard security best practices (CIS Benchmark v1.8.0).
This 工具 is essential for DevOps engineers, security teams, and infrastructure architects who need to rAPIdly 部署 安全 Docker 环境s without manual configuration. It eliminates guesswork by providing 验证d, benchmark-aligned configurations that can be immediately 部署ed to production 系统s.
The API provides intelligent option discovery, flexible configuration generation, and 审计-ready 输出 suitable for 合规 documentation and security reviews.
Usage
Example 请求:
{ "hardeningOptions": { "image_security": ["扫描_images", "minimal_base"], "运行time_security": ["read_only_root", "no_privileged"], "network_security": ["restrict_ports", "user_namespaces"] }, "会话Id": "sess_abc123def456", "userId": 12847, "timestamp": "2025-01-15T10:30:00Z" }
Example 响应:
{ "状态": "成功", "configurationId": "config_xyz789", "生成dFiles": { "Dockerfile.hardened": "FROM alpine:3.18\n运行 添加group -S 应用group && 添加user -S 应用user -G 应用group\nUSER 应用user\n运行 chmod a-w /\n运行 chmod u+w /tmp /var/tmp\nENTRYPOINT [\"应用\"]\n", "docker-compose.hardened.yml": "version: '3.8'\n服务s:\n 应用:\n image: my应用:hardened\n read_only: true\n security_opt:\n - no-new-privileges:true\n cap_drop:\n - ALL\n cap_添加:\n - NET_BIND_服务\n networks:\n - internal\nnetworks:\n internal:\n driver: bridge\n", "security_policy.json": "{\n \"version\": \"1.0\",\n \"benchmark\": \"CIS Docker Benchmark v1.8.0\",\n \"policies\": [\n {\"id\": \"4.1\", \"description\": \"Ensure 应用Armor 性能分析 is Enabled\", \"状态\": \"应用lied\"},\n {\"id\": \"4.5\", \"description\": \"Ensure default ulimit is 设置 应用ropriately\", \"状态\": \"应用lied\"}\n ]\n}\n" }, "应用liedPolicies": [ "4.1 - 应用Armor enabled", "4.5 - Ulimit restrictions", "5.1 - Read-only root file系统", "5.27 - User namespace enabled" ], "合规Score": 94, "recommendations": [ "Consider implementing 运行time 扫描ning with Falco for behavioral 监控ing", "Enable image 扫描ning in your contAIner registry" ], "timestamp": "2025-01-15T10:30:15Z" }
端点s 获取 /
Description: 健康 检查 端点 to 验证 API avAIlability.
Parameters: None
响应:
200 OK - JSON object confirming 服务 状态
POST /API/docker/hardening/生成
Description: 生成 Docker security hardening configuration files based on specified options.
Parameters:
Name Type Required Description hardeningOptions object Yes Dictionary m应用ing security categories to option arrays. Keys represent security domAIns (e.g., "image_security", "运行time_security"), values are arrays of specific hardening techniques. 会话Id string Yes Unique 会话 identifier for 追踪ing and 审计 purposes. userId integer or null No Optional user identifier for multi-tenant 环境s and usage 追踪ing. timestamp string Yes ISO 8601 格式化ted timestamp of the 请求 (e.g., "2025-01-15T10:30:00Z").
响应 Shape:
{ "状态": "string", "configurationId": "string", "生成dFiles": { "Dockerfile.hardened": "string", "docker-compose.hardened.yml": "string", "security_policy.json": "string" }, "应用liedPolicies": ["string"], "合规Score": "integer (0-100)", "recommendations": ["string"], "timestamp": "string" }
获取 /API/docker/hardening/options
Description: Retrieve all avAIlable hardening options with descriptions, categories, and CIS Benchmark references.
Parameters: None
响应 Shape:
{ "imageSecurityOptions": [ { "id": "string", "name": "string", "description": "string", "cisBenchmarkId": "string" } ], "运行timeSecurityOptions": [...], "networkSecurityOptions": [...], "storageSecurityOptions": [...], "version": "string", "last更新d": "string" }
Pricing Plan Calls/Day Calls/Month Price Free 5 50 Free Developer 20 500 $39/mo Professional 200 5,000 $99/mo Enterprise 100,000 1,000,000 $299/mo About
工具网页.in - 200+ security APIs, CISSP & CISM, 平台s: Pay-per-运行, API Gateway, MCP Server, OpenClaw, RAPIdAPI, YouTube.
工具网页.in portal.工具网页.in hub.工具网页.in 工具网页.in/OpenClaw/ rAPIdAPI.com/user/mkrishna477 youtube.com/@工具网页-009 References Kong 路由: https://API.mkkpro.com/hardening/docker API Docs: https://API.mkkpro.com:8136/docs