Docker/CIS Benchmarks
Sysdig follows the Prometheus-compatible naming convention for both metrics and labels as opposed to the previous statsd-compatible, legacy Sysdig naming convention. This page shows metrics in the legacy Sysdig naming convention. See Metrics and Label Mapping for the mapping between Sysdig legacy and Prometheus naming conventions.
Compliance metrics are generated from scheduled CIS Benchmark scans that occur in Sysdig Secure. These metrics cover aggregate results of the various CIS Benchmark sections, as well as granular details about how many running containers are failing specific run-time compliance checks.
compliance.docker-bench.container-images-and-build-file.pass_pct
The percentage of successful Docker benchmark tests run on the container images and build files.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | % |
| Segment By | Container |
| Default Time Aggregation | Average |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Average |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.container-images-and-build-file.tests_fail
The number of failed Docker benchmark tests run against the container images and build file.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.container-images-and-build-file.tests_pass
The number of successful Docker benchmark tests run against the container images and build file.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.container-images-and-build-file.tests_total
The total number of tests run against the container images and build file.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.container-runtime.pass_pct
The percentage of successful container runtime Docker benchmark tests.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | % |
| Segment By | Container |
| Default Time Aggregation | Average |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Average |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.container-runtime.tests_fail
The number of failed container runtime benchmark tests.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.container-runtime.tests_pass
The number of successful container runtime Docker benchmark tests.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.container-runtime.tests_total
The total number of Docker benchmark tests run against container runtimes.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-caps-added
The number of containers running without kernel restrictions in place.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-maxretry-not-set
The number of containers configured to not limit installation retries if the initial attempt fails.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-mount-prop-shared
The number of containers that use mount propagation.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-networking-host
The number of containers that share the host’s network namespace.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-no-apparmor
The number of containers running without an AppArmor profile.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-no-cpu-limits
The number of containers running with no CPU limits configured.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-no-health-check
The number of containers that have no HEALTHCHECK instruction
configured.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-no-mem-limits
The number of containers configured to run without memory limitations.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-no-pids-cgroup-limit
The number of containers that do not use a cgroup for PIDs.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-no-restricted-privs
The number of containers running that can have additional privileges configured.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-no-seccomp
The number of containers that disable the default seccomp profile.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-no-securityopts
The number of containers running without SELinux options configured.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-no-ulimit-override
The number of containers running that override the default ulimit.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-privileged-ports
The number of containers that have privileged ports mapped into them.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-root-mounted-rw
The number of containers that mount the host’s root filesystem with read/write privileges.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-running-privileged
The number of containers running with the --privileged configuration
option set.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-sensitive-dirs
The number of containers that have mounted a sensitive directory from the host.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-sharing-docker-sock
The number of containers that share the host’s docker socket.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-sharing-host-devs
The number of containers that share one or more host devices.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-sharing-host-ipc-ns
The number of containers that share the host’s IPC namespace.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-sharing-host-pid-ns
The number of containers that share the host’s PID namespace.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-sharing-host-user-ns
The number of containers that share the host’s user namespace.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-sharing-host-uts-ns
The number of containers that share the host’s UTS namespace.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-sshd-docker-exec-failures
The number of containers running an SSH daemon.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-unexpected-cgroup
The number of containers running without a dedicated cgroup
configured.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-using-docker0-net
The number of containers using the default docker bridge network
docker0.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.c-wildcard-bound-port
The number of containers that do not bind incoming traffic to a specific interface.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.docker-daemon-configuration.pass_pct
The percentage of successful Docker benchmark tests run against the Docker daemon configuration.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | % |
| Segment By | Container |
| Default Time Aggregation | Average |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Average |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.docker-daemon-configuration.tests_fail
The number of benchmark tests run against the Docker daemon configuration that failed.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.docker-daemon-configuration.tests_pass
The number of benchmark tests run against the Docker daemon configuration that passed.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.docker-daemon-configuration.tests_total
The total number of benchmark tests run against the Docker daemon configuration.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.docker-daemon-configuration-files.pass_pct
The percentage of successful Docker benchmark tests run against the Docker daemon configuration files.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | % |
| Segment By | Container |
| Default Time Aggregation | Average |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Average |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.docker-daemon-configuration-files.tests_fail
The number of benchmark tests run against the Docker daemon configuration files that failed.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.docker-daemon-configuration-files.tests_pass
The number of benchmark tests run against the Docker daemon configuration files that passed.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.docker-daemon-configuration-files.tests_total
The total number of benchmark tests run against the Docker daemon configuration files.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.docker-security-operations.pass_pct
The percentage of benchmark tests run against Docker security operations that were successful.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | % |
| Segment By | Container |
| Default Time Aggregation | Average |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Average |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.docker-security-operations.tests_fail
The number of benchmark tests run against Docker security operations that failed.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.docker-security-operations.tests_pass
The number of benchmark tests run against Docker security operations that passed.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.docker-security-operations.tests_total
The total number of benchmark tests run against Docker security operations.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.docker-swarm-configuration.pass_pct
The percentage of benchmark tests run against the Docker swarm configuration that were successful.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | % |
| Segment By | Container |
| Default Time Aggregation | Average |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Average |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.docker-swarm-configuration.tests_fail
The number of benchmark tests run against the Docker swarm configuration that failed.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Maxv |
compliance.docker-bench.docker-swarm-configuration.tests_pass
The number of benchmark tests run against the Docker swarm configuration that passed.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.docker-swarm-configuration.tests_total
The total number of benchmark tests run against the Docker swarm configuration.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.docker-users
The number of user accounts with permission to access the Docker daemon socket.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.host-configuration.pass_pct
The percentage of benchmark tests run against the host configuration that were successful.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | % |
| Segment By | Container |
| Default Time Aggregation | Average |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Average |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.host-configuration.tests_fail
The number of benchmark tests run against the host configuration that failed.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.host-configuration.tests_pass
The number of benchmark tests run against the host configuration that passed.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.host-configuration.tests_total
The total number of benchmark tests run against the host configuration.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.img-images-using-add
The number of images that use the COPY function rather than the ADD
function in Dockerfile.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.img-no-healthcheck
The number of images with no HEALTHCHECK instruction configured.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.img-running-root
The number of images that use the root user.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.img-update-insts-found
The number of images that run a package update step without a package installation step.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.pass_pct
The percentage of Docker benchmark tests run that passed.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | % |
| Segment By | Container |
| Default Time Aggregation | Average |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Average |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.score
The current pass/fail score for Docker benchmark tests run. The value of
this metric is calculated by starting at zero, and incrementing once for
every successful test, and decrementing once for every test that returns
a WARN result or worse.
| Metadata | Description |
|---|---|
| Metric Type | Counter |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.tests_fail
The total number of Docker benchmark tests that have failed.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.tests_pass
The total number of Docker benchmark tests that have passed
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
compliance.docker-bench.tests_total
The total number of Docker benchmark tests that have been run.
| Metadata | Description |
|---|---|
| Metric Type | Gauge |
| Value Type | Integer |
| Segment By | Container |
| Default Time Aggregation | Rate |
| Available Time Aggregation Formats | Avg, Rate, Sum, Min, Max |
| Default Group Aggregation | Sum |
| Available Group Aggregation Formats | Avg, Sum, Min, Max |
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.