Docker/CIS Benchmarks

compliance.docker-bench.container-images-and-build-file.pass_pct

The percentage of successful Docker benchmark tests run on the container images and build files.

compliance.docker-bench.container-images-and-build-file.tests_fail

The number of failed Docker benchmark tests run against the container images and build file.

compliance.docker-bench.container-images-and-build-file.tests_pass

The number of successful Docker benchmark tests run against the container images and build file.

compliance.docker-bench.container-images-and-build-file.tests_total

The total number of tests run against the container images and build file.

compliance.docker-bench.container-runtime.pass_pct

The percentage of successful container runtime Docker benchmark tests.

compliance.docker-bench.container-runtime.tests_fail

The number of failed container runtime benchmark tests.

compliance.docker-bench.container-runtime.tests_pass

The number of successful container runtime Docker benchmark tests.

compliance.docker-bench.container-runtime.tests_total

The total number of Docker benchmark tests run against container runtimes.

compliance.docker-bench.c-caps-added

The number of containers running without kernel restrictions in place.

compliance.docker-bench.c-maxretry-not-set

The number of containers configured to not limit installation retries if the initial attempt fails.

compliance.docker-bench.c-mount-prop-shared

The number of containers that use mount propagation.

compliance.docker-bench.c-networking-host

The number of containers that share the host’s network namespace.

compliance.docker-bench.c-no-apparmor

The number of containers running without an AppArmor profile.

compliance.docker-bench.c-no-cpu-limits

The number of containers running with no CPU limits configured.

compliance.docker-bench.c-no-health-check

The number of containers that have no HEALTHCHECK instruction configured.

compliance.docker-bench.c-no-mem-limits

The number of containers configured to run without memory limitations.

compliance.docker-bench.c-no-pids-cgroup-limit

The number of containers that do not use a cgroup for PIDs.

compliance.docker-bench.c-no-restricted-privs

The number of containers running that can have additional privileges configured.

compliance.docker-bench.c-no-seccomp

The number of containers that disable the default seccomp profile.

compliance.docker-bench.c-no-securityopts

The number of containers running without SELinux options configured.

compliance.docker-bench.c-no-ulimit-override

The number of containers running that override the default ulimit.

compliance.docker-bench.c-privileged-ports

The number of containers that have privileged ports mapped into them.

compliance.docker-bench.c-root-mounted-rw

The number of containers that mount the host’s root filesystem with read/write privileges.

compliance.docker-bench.c-running-privileged

The number of containers running with the --privileged configuration option set.

compliance.docker-bench.c-sensitive-dirs

The number of containers that have mounted a sensitive directory from the host.

compliance.docker-bench.c-sharing-docker-sock

The number of containers that share the host’s docker socket.

compliance.docker-bench.c-sharing-host-devs

The number of containers that share one or more host devices.

compliance.docker-bench.c-sharing-host-ipc-ns

The number of containers that share the host’s IPC namespace.

compliance.docker-bench.c-sharing-host-pid-ns

The number of containers that share the host’s PID namespace.

compliance.docker-bench.c-sharing-host-user-ns

The number of containers that share the host’s user namespace.

compliance.docker-bench.c-sharing-host-uts-ns

The number of containers that share the host’s UTS namespace.

compliance.docker-bench.c-sshd-docker-exec-failures

The number of containers running an SSH daemon.

compliance.docker-bench.c-unexpected-cgroup

The number of containers running without a dedicated cgroup configured.

compliance.docker-bench.c-using-docker0-net

The number of containers using the default docker bridge network docker0.

compliance.docker-bench.c-wildcard-bound-port

The number of containers that do not bind incoming traffic to a specific interface.

compliance.docker-bench.docker-daemon-configuration.pass_pct

The percentage of successful Docker benchmark tests run against the Docker daemon configuration.

compliance.docker-bench.docker-daemon-configuration.tests_fail

The number of benchmark tests run against the Docker daemon configuration that failed.

compliance.docker-bench.docker-daemon-configuration.tests_pass

The number of benchmark tests run against the Docker daemon configuration that passed.

compliance.docker-bench.docker-daemon-configuration.tests_total

The total number of benchmark tests run against the Docker daemon configuration.

compliance.docker-bench.docker-daemon-configuration-files.pass_pct

The percentage of successful Docker benchmark tests run against the Docker daemon configuration files.

compliance.docker-bench.docker-daemon-configuration-files.tests_fail

The number of benchmark tests run against the Docker daemon configuration files that failed.

compliance.docker-bench.docker-daemon-configuration-files.tests_pass

The number of benchmark tests run against the Docker daemon configuration files that passed.

compliance.docker-bench.docker-daemon-configuration-files.tests_total

The total number of benchmark tests run against the Docker daemon configuration files.

compliance.docker-bench.docker-security-operations.pass_pct

The percentage of benchmark tests run against Docker security operations that were successful.

compliance.docker-bench.docker-security-operations.tests_fail

The number of benchmark tests run against Docker security operations that failed.

compliance.docker-bench.docker-security-operations.tests_pass

The number of benchmark tests run against Docker security operations that passed.

compliance.docker-bench.docker-security-operations.tests_total

The total number of benchmark tests run against Docker security operations.

compliance.docker-bench.docker-swarm-configuration.pass_pct

The percentage of benchmark tests run against the Docker swarm configuration that were successful.

compliance.docker-bench.docker-swarm-configuration.tests_fail

The number of benchmark tests run against the Docker swarm configuration that failed.

compliance.docker-bench.docker-swarm-configuration.tests_pass

The number of benchmark tests run against the Docker swarm configuration that passed.

compliance.docker-bench.docker-swarm-configuration.tests_total

The total number of benchmark tests run against the Docker swarm configuration.

compliance.docker-bench.docker-users

The number of user accounts with permission to access the Docker daemon socket.

compliance.docker-bench.host-configuration.pass_pct

The percentage of benchmark tests run against the host configuration that were successful.

compliance.docker-bench.host-configuration.tests_fail

The number of benchmark tests run against the host configuration that failed.

compliance.docker-bench.host-configuration.tests_pass

The number of benchmark tests run against the host configuration that passed.

compliance.docker-bench.host-configuration.tests_total

The total number of benchmark tests run against the host configuration.

compliance.docker-bench.img-images-using-add

The number of images that use the COPY function rather than the ADD function in Dockerfile.

compliance.docker-bench.img-no-healthcheck

The number of images with no HEALTHCHECK instruction configured.

compliance.docker-bench.img-running-root

The number of images that use the root user.

compliance.docker-bench.img-update-insts-found

The number of images that run a package update step without a package installation step.

compliance.docker-bench.pass_pct

The percentage of Docker benchmark tests run that passed.

compliance.docker-bench.score

The current pass/fail score for Docker benchmark tests run. The value of this metric is calculated by starting at zero, and incrementing once for every successful test, and decrementing once for every test that returns a WARN result or worse.

compliance.docker-bench.tests_fail

The total number of Docker benchmark tests that have failed.

compliance.docker-bench.tests_pass

The total number of Docker benchmark tests that have passed

compliance.docker-bench.tests_total

The total number of Docker benchmark tests that have been run.