Open Source · MIT · Docker / Podman
HARDN-Docker

Container Security Baseline

HARDN-Docker enforces CIS Docker Benchmark v1.7 controls across your container infrastructure. Rootless execution, hardened profiles, and image compliance scanning, configured by default.

CIS Docker Benchmark

Full CIS Docker Benchmark v1.7 control implementation covering the host, the daemon, images, and the container runtime.

Rootless Execution

Configures Docker and Podman for rootless operation, eliminating privilege escalation vectors.

Read-Only Filesystems

Mounts container filesystems as read-only by default, with explicit writable volume mounts where state is required.

Seccomp + AppArmor

Ships hardened seccomp and AppArmor profiles that restrict dangerous syscalls by default.

Image Compliance Scan

OCI image scanning validates base images against known CVEs and hardening requirements.

CI/CD Integration

GitHub Actions and GitLab CI examples for policy enforcement on every container build.

Quick Start

Option A, Docker Pull

# Pull the pre-built image from GitHub Container Registry
docker pull ghcr.io/security-international-group/hardn-docker:latest
# Run with hardened defaults (read-only rootfs, no-new-privileges)
docker run --rm \
--read-only \
--security-opt no-new-privileges \
--cap-drop ALL \
ghcr.io/security-international-group/hardn-docker:latest

Option B, Clone & Build

# Clone the repository
git clone https://github.com/Security-International-Group/HARDN_DOCKER.git
cd HARDN_DOCKER
# Build the hardened image locally
docker build -t hardn-docker .
# Or use Docker Compose
docker compose up -d
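The Option A run flags (--read-only, --security-opt no-new-privileges, --cap-drop ALL) are only a baseline if they are actually applied, so a practitioner usually wants a check against `docker inspect` output. The script below is an added example, not HARDN-Docker's own tooling; it parses a constructed sample of `docker inspect` JSON and reports which of those runtime controls each container is missing.

```python
"""Audit `docker inspect` output for the runtime hardening flags used in Option A."""
import json

# Constructed sample of `docker inspect <container> ...` output for two containers:
# the first started with the Option A flags, the second with a plain `docker run`.
SAMPLE_INSPECT = json.dumps([
    {"Name": "/hardn-demo", "HostConfig": {
        "ReadonlyRootfs": True, "Privileged": False,
        "SecurityOpt": ["no-new-privileges"], "CapDrop": ["ALL"], "CapAdd": None}},
    {"Name": "/unhardened", "HostConfig": {
        "ReadonlyRootfs": False, "Privileged": False,
        "SecurityOpt": None, "CapDrop": None, "CapAdd": ["NET_ADMIN"]}},
])


def audit_host_config(hc: dict) -> list[str]:
    """Return one finding per hardening control the container's HostConfig misses."""
    findings = []
    if hc.get("Privileged"):
        findings.append("container runs --privileged")
    if not hc.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable (missing --read-only)")
    # `docker inspect` reports an absent list as null, so normalise to [].
    # The option is recorded as given, e.g. "no-new-privileges" or
    # "no-new-privileges:true", hence the prefix match.
    sec_opts = hc.get("SecurityOpt") or []
    if not any(o.startswith("no-new-privileges") for o in sec_opts):
        findings.append("missing --security-opt no-new-privileges")
    cap_drop = {c.upper() for c in hc.get("CapDrop") or []}
    if "ALL" not in cap_drop:
        findings.append("capabilities not dropped (missing --cap-drop ALL)")
    for cap in hc.get("CapAdd") or []:
        findings.append(f"capability added back: {cap}")
    return findings


def audit_inspect_output(inspect_json: str) -> dict[str, list[str]]:
    """Map each container name to its findings (an empty list means compliant)."""
    return {c["Name"].lstrip("/"): audit_host_config(c.get("HostConfig", {}))
            for c in json.loads(inspect_json)}


if __name__ == "__main__":
    for name, findings in audit_inspect_output(SAMPLE_INSPECT).items():
        print(("OK   " if not findings else "FAIL ") + name)
        for finding in findings:
            print("  - " + finding)
```

Against a live host, feed it the output of `docker inspect $(docker ps -q)` instead of the embedded sample.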